[nsp-sec] DDOS against AS12895

Christoph Sprongl ch at it-austria.net
Wed Mar 30 02:15:11 EDT 2011


Hi,

on Mar 24 between 9pm - 9.30pm CET our internet infrastructure
[213.150.0.0/19] was under ddos attack.

The main target was 213.150.2.117 www.bcr.ro
The attack wasn't network bandwidth related but instead at the request level,
UDP ports 80  > 2000x requ./sec.

Here are the top source IPs; please note these were UDP packets, so the IPs could also be faked.

88.191.109.116 AS12322 Free SAS / ProXad
88.191.133.160 AS12322 Free SAS / ProXad
66.248.141.98  AS26407 CAROLINANET-AS Guilford Communications, Inc. [proxy network=?]
188.127.236.36 AS48172 MCS_IT_House_Ltd [Pavel V Bakanov!]
74.62.152.208  AS20001 RoadRunner RR-Orange
69.163.34.124  AS46816 DirectSpace Networks, LLC
94.76.241.22   AS29550 SIMPLYTRANSIT Simply Transit Ltd

Did you see the traffic or any high numbers of related requests?
Do you have intel or background information about the usage of the
related IPs (proxy/botnet/bulletproof networks)?
Any similar experiences from that source, or with that attack pattern of
UDP/80 over a short period of time?

thanks,
christoph




