[nsp-sec] DDOS Fun [ACK 20773]
Felix Schueren
felix.schueren at hosteurope.de
Wed Sep 19 16:05:09 EDT 2012
ACK for
20773 | 176.28.48.36 | 176.28.0.0/18 | DE | ripencc | 2011-05-20 | HOSTEUROPE-AS Host Europe GmbH
20773 | 217.115.144.201 | 217.115.128.0/19 | DE | ripencc | 2001-05-29 | HOSTEUROPE-AS Host Europe GmbH
20773 | 88.80.202.56 | 88.80.192.0/19 | DE | ripencc | 2005-12-01 | HOSTEUROPE-AS Host Europe GmbH
176.28.48.36 & 217.115.144.201 rate-limited to ~2Mbit/sec of UDP/TCP 53
each for the next week while they're being investigated & cleaned.
88.80.202.56 did target ports 53,80,443 & did not do as much traffic,
this was not limited but is also being investigated.
All machines are not under our administrative control. Anything relevant
I could search for in netflow to get an idea about C&C?
Times in CEST (UTC+02)
ip in [176.28.48.36 217.115.144.201 88.80.202.56] and dst port 53
Aggregated flows 5
Top 100 flows ordered by bytes:
Date flow start          Duration  Src IP Addr      Dst Port    Bytes      bps
2012-09-19 16:37:21.960  2773.770  176.28.48.36           53  123.0 G  354.9 M
2012-09-19 17:00:01.190  2403.890  217.115.144.201        53   23.0 G   76.5 M
2012-09-19 16:13:59.520  3532.950  88.80.202.56           53    4.9 G   11.2 M
2012-09-19 17:10:02.560  1531.800  88.80.202.56           53    3.4 G   17.7 M
2012-09-19 16:27:38.740  3599.660  217.115.144.201        53    2.0 G    4.5 M
kind regards,
Felix
--
Felix Schüren
Head of Network
-----------------------------------------------------------------------
Host Europe GmbH - http://www.hosteurope.de
Welserstraße 14 - 51149 Köln - Germany
Telephone: 0800 467 8387 - Fax: +49 180 5 66 3233 (*)
HRB 28495 Amtsgericht Köln - VAT ID: DE187370678
Managing Directors: Patrick Pulvermüller, Thomas Vollrath
(*) 0.14 EUR/min from German landlines; at most 0.42 EUR/min from
German mobile networks