[nsp-sec] Packetlove from AS702 / 212.157.2.130

Robert robert at servalens.com
Wed Jun 29 11:49:08 EDT 2011 

ACK

Robert
Verizon AS702

On 06/29/2011 09:31 AM, Serge Droz wrote:
> ----------- nsp-security Confidential --------
> 
> Hello List,
> 
> we're getting some packet love since mid-afternoon from 212.157.2.130.
> Any help is appreciated.
> 
>> Top 10 flows ordered by flows:
>> Date flow start          Duration  Proto      Src IP Addr      Dst IP Addr Dst Pt   Packets    Bytes      bps    Bpp Flows
>> 2011-06-29 05:03:04.805   304.165  UDP      212.157.2.130    152.96.109.99  57327     1.8 M  278.7 M    7.3 M    152   195
> 
> ...
> 
>> Date flow start          Duration Proto      Src IP Addr:Port          Dst IP Addr:Port   Packets    Bytes Flows
>> 2011-06-29 15:04:59.696   304.000 UDP      212.157.2.130:2371  ->    152.96.109.99:57327     6152   935104     1
>> 2011-06-29 15:06:43.684   304.000 UDP      212.157.2.130:2163  ->    152.96.109.99:57327     6164   936928     1
>> 2011-06-29 15:06:43.684   304.000 UDP      212.157.2.130:2078  ->    152.96.109.99:57327     6171   937992     1
>> 2011-06-29 15:06:43.684   304.000 UDP      212.157.2.130:2329  ->    152.96.109.99:57327     5867   891784     1
>> 2011-06-29 15:06:43.684   304.000 UDP      212.157.2.130:2303  ->    152.96.109.99:57327     5828   885856     1
>> 2011-06-29 15:06:43.684   303.936 UDP      212.157.2.130:2132  ->    152.96.109.99:57327     6104   927808     1
>> 2011-06-29 15:06:43.684   303.936 UDP      212.157.2.130:2229  ->    152.96.109.99:57327     6137   932824     1
>> 2011-06-29 15:06:43.684   304.000 UDP      212.157.2.130:2276  ->    152.96.109.99:57327     6045   918840     1
>> 2011-06-29 15:06:43.684   304.000 UDP      212.157.2.130:2239  ->    152.96.109.99:57327     5946   903792     1
>> 2011-06-29 15:06:43.684   304.000 UDP      212.157.2.130:2241  ->    152.96.109.99:57327     5949   904248     1
>> 2011-06-29 15:06:43.684   303.936 UDP      212.157.2.130:2093  ->    152.96.109.99:57327     6000   912000     1
>> 2011-06-29 15:06:43.684   304.000 UDP      212.157.2.130:2184  ->    152.96.109.99:57327     6164   936928     1
>> 2011-06-29 15:06:43.684   304.000 UDP      212.157.2.130:2272  ->    152.96.109.99:57327     6108   928416     1
>> 2011-06-29 15:06:43.684   304.000 UDP      212.157.2.130:2325  ->    152.96.109.99:57327     5861   890872     1
>> 2011-06-29 15:06:43.684   304.000 UDP      212.157.2.130:2344  ->    152.96.109.99:57327     6067   922184     1
>> 2011-06-29 15:06:43.683   304.000 UDP      212.157.2.130:2127  ->    152.96.109.99:57327     6179   939208     1
>> 2011-06-29 15:06:43.683   304.000 UDP      212.157.2.130:2282  ->    152.96.109.99:57327     6093   926136     1
>> 2011-06-29 15:06:43.683   304.000 UDP      212.157.2.130:2319  ->    152.96.109.99:57327     6173   938296     1
>> 2011-06-29 15:06:43.683   304.000 UDP      212.157.2.130:2203  ->    152.96.109.99:57327     6085   924920     1
> 
> Any help is appreciated
> 
> Thanks a lot
> Serge
>

More information about the nsp-security mailing list