[nsp-sec] ACK AS9293 Re: 7Mpps udp/80 29bpp attack against 82.130.16.98

Taka Mizuguchi taka at nttv6.jp
Thu Jun 30 06:16:42 EDT 2011


Pekka Savola wrote,on 11/06/29 20:16:
> ----------- nsp-security Confidential --------
> 
> Hi,
> 
> There was just a brief 7Mpps udp/80 29bpp DoS attack (145 sources) 
> against 82.130.16.98.
> 
> Please check your hosts. The timestamp is UTC, the third row is the 
> duration and the last number is the number of packets (in millions) or 
> if there is no dot, in absolute.
> 
> The list is sorted by the gravest offenders first.
> 
> We just had a successful LE investigation where the attacker could be 
> traced by log files to a person in Finland. So there is hope :-). Please 
> investigate and report back if you find anything.
> 


-- 
Taka Mizuguchi
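
For readers checking a report like this against their own address space, the following added example (not part of the original thread) parses pipe-separated rows in the layout the quoted report uses, assumed here to be ASN | source IP | UTC start, duration, packet count | AS name. It rejoins mail-wrapped lines and applies the stated packet-count rule; the function names and the sample rows are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Assumed row layout: ASN | source IP | UTC start, duration (s), packets | AS name
ROW = re.compile(r"^(?P<asn>\d+)\s*\|\s*(?P<ip>[\d.]+)\s*\|\s*"
                 r"(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+)\s+"
                 r"(?P<dur>[\d.]+)\s+(?P<count>\S+)\s*\|\s*(?P<name>.*)$")

def unwrap(text):
    """Strip '>' quoting and rejoin rows that the mail client wrapped."""
    rows = []
    for line in text.splitlines():
        line = re.sub(r"^(>\s?)+", "", line).strip()
        if re.match(r"\d+\s*\|", line) or (line and not rows):
            rows.append(line)          # a new row starts with "ASN |"
        elif line:
            rows[-1] += " " + line     # continuation of a wrapped AS name
    return rows

def packets(field):
    """With a dot the count is in millions, without one it is absolute."""
    if re.fullmatch(r"\d+\.\d+", field):
        return round(float(field) * 1_000_000)
    return int(field) if field.isdigit() else None   # None: unreadable field

def parse(text):
    records = []
    for row in unwrap(text):
        m = ROW.match(row)
        if m:
            start = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S.%f")
            records.append({"asn": int(m["asn"]), "ip": m["ip"],
                            "start": start.replace(tzinfo=timezone.utc),
                            "duration_s": float(m["dur"]), "packets": packets(m["count"]),
                            "as_name": m["name"].strip()})
    return records

def for_asn(records, asn):
    return [r for r in records if r["asn"] == asn]

# Constructed sample (documentation ASNs and addresses, not rows from the report).
SAMPLE = """\
> 64496 | 192.0.2.10 | 2011-06-29 10:27:40.588 599.277 71.1 | EXAMPLE-AS
> Example network
> 64497 | 198.51.100.7 | 2011-06-29 10:27:40.589 150.499 1.6 | EXAMPLE2 Example
> 3 Communications
> 64496 | 192.0.2.44 | 2011-06-29 10:27:40.651 599.109 931000 |
> EXAMPLE-AS Example network
"""
```

Calling `for_asn(parse(SAMPLE), 64496)` returns the two constructed rows for that AS, with packet counts already normalised to absolute numbers.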


