[nsp-sec] DDoS attack towards XS4ALL AS3265
Manuel SUBREDU
manuel.subredu at roedu.net
Tue Apr 17 16:00:34 EDT 2012
On 4/17/2012 6:37 PM, Dave Woutersen (NCSC-NL) wrote:
> ----------- nsp-security Confidential --------
>
> Hi,
>
> On behalf of xs4all/Jacques Schuurman the following,
>
> AS3265 has been under a 500 Mbps+ ddos attack as of 10:50 UTC and its
> ongoing right now.
>
> Main targets 194.109.20.97-99
>
> traffic type UDP src port 0 dst port 0.
>
> Does anyone see this traffic? Obviously xs4all would like to see it
> stop, maybe we can pinpoint a C&C in the end by looking at sources.
> Thx in advance!
I see that there was some traffic from our network to 194.109.20.90,
around 70 kpps, between 18:50 and 19:50 (EEST). The traffic was TCP,
random source, dest 194.109.20.90/7000 .
> Kind regards,
> Dave
>
--
=====================================
Manuel SUBREDU
Network Engineer at AARNIEC/RoEduNet
RoCSIRT Coordinator
mobile: +40 (758) 808 052
phone: +40 (232) 201 007
fax: +40 (232) 201 200
e-mail: manuel.subredu at roedu.net
=====================================
More information about the nsp-security
mailing list