[nsp-sec] comcast?
Walker, Severin
Severin_Walker at cable.comcast.com
Tue Dec 20 21:46:55 EST 2011
Please send me the source IPs and destination subjects and I'll get it to our security operations group immediately.
---
Severin Walker
On Dec 20, 2011, at 9:38 PM, "Rob Thomas" <robt at cymru.com> wrote:
> ----------- nsp-security Confidential --------
>
> Hi, team.
>
>>> Seems I'm suffering from a > 15Gbps DDoS (UDP/161 traffic).
>>> According to our flows it is coming from AS 7922 (comcast).
>
> We're seeing the same. At present here are the top sources by ASN, with
> the Srcips count being the unique IP addresses we've seen in that ASN.
>
> Srcips  ASN    AS Name
> 267563  3352   TELEFONICA-DATA-ESPANA TELEFONICA DE ESPANA
> 4991    33491  COMCAST-33491 - Comcast Cable Communications, Inc.
> 4905    33287  COMCAST-33287 - Comcast Cable Communications, Inc.
> 4890    33652  CMCS - Comcast Cable Communications, Inc.
> 3953    33651  CMCS - Comcast Cable Communications, Inc.
> 3715    33490  COMCAST-33490 - Comcast Cable Communications, Inc.
> 3196    33668  CMCS - Comcast Cable Communications, Inc.
> 2797    33650  COMCAST-33650 - Comcast Cable Communications, Inc.
> 2785    33657  CMCS - Comcast Cable Communications, Inc.
> 2713    7015   COMCAST-7015 - Comcast Cable Communications Holdings, Inc
> 2706    7725   COMCAST-7725 - Comcast Cable Communications Holdings, Inc
> 1855    20214  COMCAST-20214 - Comcast Cable Communications Holdings, Inc
> 1300    33662  CMCS - Comcast Cable Communications, Inc.
> 1226    7016   CCCH-3 - Comcast Cable Communications Holdings, Inc
> 1200    13367  COMCAST-13367 - Comcast Cable Communications Holdings, Inc
> 1124    33660  CMCS - Comcast Cable Communications, Inc.
> 850     21508  COMCAST-21508 - Comcast Cable Communications Holdings, Inc
> 582     22258  COMCAST-22258 - Comcast Cable Communications Holdings, Inc
> 559     33654  CMCS - Comcast Cable Communications, Inc.
> 531     33661  CMCS - Comcast Cable Communications, Inc.
> 527     33489  COMCAST-33489 - Comcast Cable Communications, Inc.
> 449     812    ROGERS-CABLE - Rogers Cable Communications Inc.
> 289     33653  CMCS - Comcast Cable Communications, Inc.
> 232     7922   COMCAST-7922 - Comcast Cable Communications, Inc.
> 199     33656  CMCS - Comcast Cable Communications, Inc.
> 145     33655  CMCS - Comcast Cable Communications, Inc.
> 135     46853  SWTEXAS - Southwest Texas Telephone Company
> 124     3269   ASN-IBSNAZ Telecom Italia S.p.a.
> 85      33665  CMCS - Comcast Cable Communications, Inc.
> 82      33666  CMCS - Comcast Cable Communications, Inc.
> 80      5778   EMBARQ-RCMT - Embarq Corporation
>
> Comcast and Telefonica, you've got amplification! :) Hit me up for a
> full list of the source IP addresses.
>
> We'll try to push out a full list of attackers as soon as we can.
>
>> guessing this is more snmp reflective dos... and like CPE/modems
>> bouncing back 'sys.Descr.0' or the like :(
>
> We're working on determining that now.
>
> Thanks,
> Rob.
> - --
> Rob Thomas
> Team Cymru
> https://www.team-cymru.org/
> "Say little and do much." M Avot 1:15
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security counter-measures.
> _______________________________________________
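
Added example, not part of the original thread and not Team Cymru's or Comcast's tooling: one way a victim network could build the same "unique source IPs per ASN" table from its own flow records. The flow tuples, the prefix-to-ASN table, the victim address and the function names are all constructed for illustration, and the filter assumes the reflected replies arrive as UDP with source port 161.

```python
import ipaddress
from collections import defaultdict

# Constructed prefix-to-origin-AS table (documentation prefixes and ASNs).
PREFIX_TO_ASN = [
    ("192.0.2.0/24", 64496, "EXAMPLE-CABLE-A"),
    ("198.51.100.0/24", 64497, "EXAMPLE-CABLE-B"),
    ("203.0.113.0/24", 64498, "EXAMPLE-TELCO"),
]

# Constructed flow records: (src_ip, src_port, dst_ip, dst_port, proto, bytes)
SAMPLE_FLOWS = [
    ("192.0.2.10", 161, "10.0.0.5", 40000, 17, 1400),
    ("192.0.2.10", 161, "10.0.0.5", 40001, 17, 1400),  # same reflector again
    ("192.0.2.11", 161, "10.0.0.5", 40000, 17, 1400),
    ("198.51.100.7", 161, "10.0.0.5", 40000, 17, 1400),
    ("203.0.113.9", 53, "10.0.0.5", 40000, 17, 512),   # UDP but not SNMP
    ("203.0.113.9", 161, "10.0.0.9", 40000, 17, 900),  # different destination
    ("192.0.2.12", 161, "10.0.0.5", 40000, 6, 60),     # TCP, ignored
    ("100.64.0.1", 161, "10.0.0.5", 40000, 17, 1400),  # no covering prefix
]

def lookup_asn(ip, table=PREFIX_TO_ASN):
    """Longest-prefix match of ip against table; (0, 'UNKNOWN') if no match."""
    addr = ipaddress.ip_address(ip)
    best = None
    for prefix, asn, name in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, asn, name)
    return (best[1], best[2]) if best else (0, "UNKNOWN")

def snmp_sources_by_asn(flows, victim):
    """Return [(unique_srcips, bytes, asn, name)] for UDP sport-161 flows to victim."""
    srcips, volume, names = defaultdict(set), defaultdict(int), {}
    for src, sport, dst, _dport, proto, nbytes in flows:
        if proto != 17 or sport != 161 or dst != victim:
            continue  # keep only UDP replies from port 161 aimed at the victim
        asn, name = lookup_asn(src)
        srcips[asn].add(src)      # set membership de-duplicates repeat senders
        volume[asn] += nbytes
        names[asn] = name
    rows = [(len(ips), volume[a], a, names[a]) for a, ips in srcips.items()]
    return sorted(rows, key=lambda r: (-r[0], r[2]))  # most sources first

if __name__ == "__main__":
    print("Srcips  Bytes  ASN    AS Name")
    for count, nbytes, asn, name in snmp_sources_by_asn(SAMPLE_FLOWS, "10.0.0.5"):
        print(f"{count:<7} {nbytes:<6} {asn:<6} {name}")
```

Sources that fall outside every known prefix are grouped under ASN 0 rather than dropped, so gaps in the routing table stay visible in the report.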