[nsp-sec] UDP attack to 62.72.137.245:53 + 80.81.192.11:113
Steve Colam
steve.colam at daisygroupplc.com
Mon Mar 21 13:54:27 EDT 2011
Hi All,
We have been receiving UDP packet love (about 2.5m pps of it) to the
following destinations:
62.72.137.245 port 53 (network infra, p2p link addr)
80.81.192.11 port 113 (de-cix lan v4 peering prefix)
The decix prefix has caused packet loss for decix on their
transit links.
The attack started: 2011-03-20 22:17 GMT0
and ended : 2011-03-21 12:20 GMT0
I've attached sample data from our netflow, and would appreciate any
assistance in cleaning the attached hosts.
We have no idea why this started.
Many thanks,
Steve @ AS5413
--
Steve Colam
Head of Network Operations
Daisy Communications Mobile: +44 797 153 4844
steve.colam at daisygroupplc.com Direct: +44 208 587 6271
PGP Key ID: 0x1C19D542 http://www.daisygroupplc.com/