[nsp-sec] Packetlove from AS702 / 212.157.2.130

Serge Droz serge.droz at switch.ch
Wed Jun 29 11:31:22 EDT 2011 

Hello List,

we're getting some packet love since mid-afternoon from 212.157.2.130.
Any help is appreciated.

> Top 10 flows ordered by flows:
> Date flow start          Duration  Proto      Src IP Addr      Dst IP Addr Dst Pt   Packets    Bytes      bps    Bpp Flows
> 2011-06-29 05:03:04.805   304.165  UDP      212.157.2.130    152.96.109.99  57327     1.8 M  278.7 M    7.3 M    152   195

...

> Date flow start          Duration Proto      Src IP Addr:Port          Dst IP Addr:Port   Packets    Bytes Flows
> 2011-06-29 15:04:59.696   304.000 UDP      212.157.2.130:2371  ->    152.96.109.99:57327     6152   935104     1
> 2011-06-29 15:06:43.684   304.000 UDP      212.157.2.130:2163  ->    152.96.109.99:57327     6164   936928     1
> 2011-06-29 15:06:43.684   304.000 UDP      212.157.2.130:2078  ->    152.96.109.99:57327     6171   937992     1
> 2011-06-29 15:06:43.684   304.000 UDP      212.157.2.130:2329  ->    152.96.109.99:57327     5867   891784     1
> 2011-06-29 15:06:43.684   304.000 UDP      212.157.2.130:2303  ->    152.96.109.99:57327     5828   885856     1
> 2011-06-29 15:06:43.684   303.936 UDP      212.157.2.130:2132  ->    152.96.109.99:57327     6104   927808     1
> 2011-06-29 15:06:43.684   303.936 UDP      212.157.2.130:2229  ->    152.96.109.99:57327     6137   932824     1
> 2011-06-29 15:06:43.684   304.000 UDP      212.157.2.130:2276  ->    152.96.109.99:57327     6045   918840     1
> 2011-06-29 15:06:43.684   304.000 UDP      212.157.2.130:2239  ->    152.96.109.99:57327     5946   903792     1
> 2011-06-29 15:06:43.684   304.000 UDP      212.157.2.130:2241  ->    152.96.109.99:57327     5949   904248     1
> 2011-06-29 15:06:43.684   303.936 UDP      212.157.2.130:2093  ->    152.96.109.99:57327     6000   912000     1
> 2011-06-29 15:06:43.684   304.000 UDP      212.157.2.130:2184  ->    152.96.109.99:57327     6164   936928     1
> 2011-06-29 15:06:43.684   304.000 UDP      212.157.2.130:2272  ->    152.96.109.99:57327     6108   928416     1
> 2011-06-29 15:06:43.684   304.000 UDP      212.157.2.130:2325  ->    152.96.109.99:57327     5861   890872     1
> 2011-06-29 15:06:43.684   304.000 UDP      212.157.2.130:2344  ->    152.96.109.99:57327     6067   922184     1
> 2011-06-29 15:06:43.683   304.000 UDP      212.157.2.130:2127  ->    152.96.109.99:57327     6179   939208     1
> 2011-06-29 15:06:43.683   304.000 UDP      212.157.2.130:2282  ->    152.96.109.99:57327     6093   926136     1
> 2011-06-29 15:06:43.683   304.000 UDP      212.157.2.130:2319  ->    152.96.109.99:57327     6173   938296     1
> 2011-06-29 15:06:43.683   304.000 UDP      212.157.2.130:2203  ->    152.96.109.99:57327     6085   924920     1

Any help is appreciated

Thanks a lot
Serge

-- 
SWITCH
Serving Swiss Universities
--------------------------
Serge Droz, SWITCH-CERT
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
phone +41 44 268 15 63, fax +41 44 268 15 78
serge.droz at switch.ch, http://www.switch.ch

More information about the nsp-security mailing list