[nsp-sec] UDP DDoS
Nick Hale
nspsec at rtfmnewbie.com
Tue Mar 13 15:32:12 EDT 2012
Hi Dave,
Can you give me any more info on the 36351/21844 hosts? I'll start digging into what I can on this end. (sample pcaps would be wonderful too, if
possible).
Regards,
Nick
SoftLayer
On 3/13/2012 14:25, Dave Monnier wrote:
> ----------- nsp-security Confidential --------
>
>
>
>
> Team,
>
> Looking for the source of a UDP-based attack against these IP:
>
> 202.163.115.10
> 202.163.115.11
> 61.5.158.117
> 61.5.158.121
> 61.5.158.124
> 61.5.158.114
>
> Leaders by percentage look to be:
> 36351 | 173.192.220.101 | SOFTLAYER - SoftLayer Technologies Inc.
> 36351 | 173.192.222.69 | SOFTLAYER - SoftLayer Technologies Inc.
> 36351 | 208.43.81.118 | SOFTLAYER - SoftLayer Technologies Inc.
> 21844 | 174.120.229.130 | THEPLANET-AS - ThePlanet.com Internet
> 19066 | 173.199.150.228 | WIREDTREE - Cogswell Enterprises Inc.
> 30217 | 216.87.163.170 | DESYNC - Desync Networks
>
> SRC/DST ports are all over.
>
> Thanks!
> -Dave
>
>
>
>
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security counter-measures.
> _______________________________________________
More information about the nsp-security
mailing list