[nsp-sec] DDoS against 206.130.91.109

Schiller, Heather A heather.schiller at verizon.com
Tue Oct 25 20:36:11 EDT 2011


Popular day for UDP/80/0 attacks -- we saw 3 of them within a couple of hours to different customers.  I didn't notice any overlap in source IPs from what you have listed.

 --heather 

-----Original Message-----
From: nsp-security-bounces at puck.nether.net [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of Mike Tancsa
Sent: Tuesday, October 25, 2011 7:20 PM
To: NSP-SEC
Subject: [nsp-sec] DDoS against 206.130.91.109

----------- nsp-security Confidential --------

Hi,
	One of our users drew a brief ~ gigabit attack against their IP.  Not sure if it's spoofed or not, but we saw inbound flows on most of our inbound links.

Below were the biggest attackers.  Time is GMT.   Packets were mostly udp port 80, or udp port 0 and started at 21:25 GMT and lasted for ~ 10min



	---Mike


--
-------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike at sentex.net
Providing Internet services since 1994 www.sentex.net
Cambridge, Ontario Canada   http://www.tancsa.com/
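
The triage both posts describe (rank the sources of UDP port 80 / port 0 traffic toward the victim during the attack window, note how many inbound links carried it, then compare source sets between attacks) can be sketched as follows. This is an added example, not part of either message; the flow-record layout, link names and all addresses (documentation ranges) are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M"

# Constructed flow records (documentation address space, hypothetical link names):
# (start GMT, source, destination, protocol, dst port, bytes, ingress link)
FLOWS = [
    ("2011-10-25 21:25", "192.0.2.10",   "203.0.113.9",  "udp", 80, 900_000, "transit-a"),
    ("2011-10-25 21:26", "192.0.2.10",   "203.0.113.9",  "udp", 0,  300_000, "transit-b"),
    ("2011-10-25 21:27", "198.51.100.7", "203.0.113.9",  "udp", 80, 700_000, "peer-x"),
    ("2011-10-25 21:29", "198.51.100.8", "203.0.113.9",  "udp", 0,  500_000, "transit-a"),
    ("2011-10-25 21:30", "198.51.100.9", "203.0.113.9",  "tcp", 80, 40_000,  "peer-x"),
    ("2011-10-25 21:40", "198.51.100.7", "203.0.113.9",  "udp", 80, 100_000, "peer-x"),
    ("2011-10-25 22:50", "198.51.100.7", "203.0.113.77", "udp", 80, 600_000, "transit-b"),
    ("2011-10-25 22:51", "192.0.2.200",  "203.0.113.77", "udp", 0,  800_000, "transit-a"),
]

def attack_sources(flows, victim, start, minutes=10, ports=(80, 0)):
    """Rank sources of UDP traffic to `victim` on `ports` within the window.

    Returns ([(source, bytes), ...] largest first, set of ingress links seen).
    """
    t0 = datetime.strptime(start, FMT)
    t1 = t0 + timedelta(minutes=minutes)
    totals, links = defaultdict(int), set()
    for ts, src, dst, proto, dport, nbytes, link in flows:
        in_window = t0 <= datetime.strptime(ts, FMT) < t1
        if dst == victim and proto == "udp" and dport in ports and in_window:
            totals[src] += nbytes
            links.add(link)
    # Sort by volume, then by address so ties are deterministic.
    ranked = sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))
    return ranked, links

def shared_sources(ranked_a, ranked_b):
    """Sources that appear in both attacks' ranked lists."""
    return {src for src, _ in ranked_a} & {src for src, _ in ranked_b}

if __name__ == "__main__":
    first, links = attack_sources(FLOWS, "203.0.113.9", "2011-10-25 21:25")
    second, _ = attack_sources(FLOWS, "203.0.113.77", "2011-10-25 22:50")
    for src, nbytes in first:
        print(f"{src:15} {nbytes:>10} bytes")
    print("ingress links:", sorted(links))
    print("sources shared with second attack:", sorted(shared_sources(first, second)))
```

An empty shared set between two attacks does not by itself show the sources are unrelated when the traffic may be spoofed, which is why the ingress-link spread is reported alongside the ranking.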

