[nsp-sec] 7Mpps udp/80 29bpp attack against 82.130.16.98
Pekka Savola
pekkas at netcore.fi
Wed Jun 29 07:16:53 EDT 2011
Hi,
There was just a brief 7Mpps udp/80 29bpp DoS attack (145 sources)
against 82.130.16.98.
Please check your hosts. The timestamp is UTC, the third row is the
duration and the last number is the number of packets (in millions) or
if there is no dot, in absolute.
The list is sorted by the gravest offenders first.
We just had a successful LE investigation where the attacker could be
traced by log files to a person in Finland. So there is hope :-).
Please investigate and report back if you find anything.
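An added example, not part of the original post: a parser for the row layout described in the message (`ASN | source IP | UTC start, duration, packet count | AS name`) that normalises the packet count and picks out the sources inside an operator's own prefixes. The sample rows, the function names and the prefix `192.0.2.0/24` are constructed for illustration and use documentation ranges only.

```python
import ipaddress
from datetime import datetime, timezone

# Constructed rows in the report's layout (documentation ASNs and addresses).
SAMPLE = """\
64496 | 192.0.2.10 | 2011-06-29 10:27:40.588 599.277 71.1 | EXAMPLE-AS Example Net
64497 | 198.51.100.7 | 2011-06-29 10:27:39.914 600.293 1.0 | EXAMPLE2-AS Example Two
64496 | 192.0.2.99 | 2011-06-29 10:27:40.651 599.109 931000 | EXAMPLE-AS Example Net
64498 | 203.0.113.5 | 2011-06-29 10:27:40.242 599.594 M | EXAMPLE3-AS garbled count
"""

def parse_row(line):
    """Return a dict for one report row, or None if the row is malformed."""
    parts = [p.strip() for p in line.split("|", 3)]
    if len(parts) != 4:
        return None
    asn, ip, flow, name = parts
    fields = flow.split()
    if len(fields) != 4:
        return None
    date, clock, duration, count = fields
    try:
        start = datetime.strptime(f"{date} {clock}", "%Y-%m-%d %H:%M:%S.%f")
        start = start.replace(tzinfo=timezone.utc)  # report timestamps are UTC
        # A dot means millions of packets; no dot means an absolute count.
        packets = round(float(count) * 1_000_000) if "." in count else int(count)
        return {"asn": int(asn), "ip": ipaddress.ip_address(ip), "start": start,
                "duration_s": float(duration), "packets": packets, "as_name": name}
    except ValueError:
        return None

def hosts_in_prefixes(report, prefixes):
    """Rows whose source lies inside our prefixes (heaviest first), plus unparsed lines."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    rows, skipped = [], []
    for line in report.splitlines():
        if not line.strip():
            continue
        row = parse_row(line)
        if row is None:
            skipped.append(line)  # keep for manual review instead of dropping silently
        elif any(row["ip"] in n for n in nets):
            rows.append(row)
    rows.sort(key=lambda r: r["packets"], reverse=True)
    return rows, skipped

if __name__ == "__main__":
    for r in hosts_in_prefixes(SAMPLE, ["192.0.2.0/24"])[0]:
        print(r["ip"], r["packets"], round(r["packets"] / r["duration_s"]), "pps avg")
```

The start time and duration of each matching row give the window to search in local flow or host logs for the reported udp/80 traffic.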