[nsp-sec] DDoS against 193.219.60.42

Marius Urkis marius at litnet.lt
Fri Jun 7 04:24:35 EDT 2013


Hello,

Got a UDP flood against 193.219.60.42, random UDP ports, 92bpp. Looks
like someone is doing exercises or testing a botnet, since the attack lasted
for exactly 2 hours, started 17:45 and ended 19:45 (GMT+3).

Regards
-- 
Marius
=============================
 Marius Urkis
 LITNET CERT
 http://cert.litnet.lt
 Tel: +370 37 300645
 GSM: +370 687 79059
-------------- next part --------------
Bulk mode; whois.cymru.com [2013-06-07 07:54:46 +0000]

