[nsp-sec] DDoS towards facebook this morning
Maher, Kevin
kmaher at ebay.com
Sun Mar 4 18:52:56 EST 2012
Former colleagues who are no longer on nsp-sec asked me to reach out to the list regarding this ongoing attack.
From 9:10 am PST, 60-100 gbps, this is not causing any impact.
Sources are believed to be popped web servers: "We found that these boxes in the sample have in common that they
are running the Parallels Plesk panel, which had a remote compromise vuln recently (http://kb.parallels.com/en/113321)."
Source ports are random, and each sent packet is exactly 1053 bytes.
Any help with mitigation or identification of sources would be welcome; you can work through me or contact
cgreene at fb.com or mhenley at fb.com directly off list until we get them back on here. :)
Two significant clusters of sources
Net2ez - US-based
1&1 Internet - EU-based