[nsp-sec] 7Mpps udp/80 29bpp attack against 82.130.16.98
Pekka Savola
pekkas at netcore.fi
Fri Jul 1 01:50:51 EDT 2011
> There was just a brief 7Mpps udp/80 29bpp DoS attack (145 sources) against
> 82.130.16.98.
>
> Please check your hosts. The timestamp is UTC, the third row is the duration
> and the last number is the number of packets (in millions) or if there is no
> dot, in absolute.
>
> The list is sorted by the gravest offenders first.
>
> We just had a successful LE investigation where the attacker could be traced
> by log files to a person in Finland. So there is hope :-). Please
> investigate and report back if you find anything.
...
Yesterday, the very same kind of 7Mpps attack re-occurred against the
same target. This time with 100 sources. 76 earlier hosts were no
longer participating. There were 32 new sources.
The list below includes new sources:
Here are the old, still continuing ones, sorted by the AS: