[nsp-sec] DNS and SNMP Reflection Attack Hosts

Torsten Voss voss at dfn-cert.de
Fri Jun 28 08:52:10 EDT 2013


Thanks and ACK for AS:

DNS:  553, 680, 2857, 5501, 12816, 20633, 29484, 34878, 41969
SNMP: 288, 680, 2857


Cheers,
  Torsten

On 24.06.2013 07:25, Krista Hickey wrote:
> ----------- nsp-security Confidential --------
> 
> 
> 
> [Apologies if this is a duplicate for you]
> 
> File 622894 contains ~45K DNS resolvers observed attacking a host June 19,
> 2013 (peak approx 1.5Gbps)
> 
> File 3952583 contains ~28K SNMP resolvers observed attacking a different
> host June 21, 2013 (peak approx 1Gbps)
> 
> I was also working on an unrelated DNS reflection attack our hosts were
> participating in and in addition to usual isc.org queries I observed
> nukes.directedat.asia queries, I don't have many details on it at the
> moment but I think it speaks for itself and returns a fairly large record
> so perhaps someone from AS21928 T-Mobile may be interested, also found
> someone with thoughts on directedat.asia  and some other suspect domains at
> http://dnsamplificationattacks.blogspot.nl/2013/06/domain-mydnsscanus.html
> which may be of interest.
> 
> As before, details in the file, distribute as required for mitigation but
> no attribution please and if not necessary please strip target as well.
> 
> Thanks Krista 7992
> 



-- 
Dipl.-Ing.(FH) Torsten Voss (Incident Response Team), Phone +49 40 808077-634

DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone  +49 40 808077-590
Registered office / Register: Hamburg, AG Hamburg, HRB 88805, VAT ID No.: DE 232129737
Sachsenstrasse 5, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski
