[nsp-sec] CLDAP DDoS to OpenStreetMap London tile server - 3206 amplifiers in 1205 ASNs

John Schiel jschiel at flowtools.net
Sun Feb 3 22:38:05 EST 2019


I'll see what I can find on 209.

Time posted before is for all ASNs, I'm guessing?

--John

On 1/31/19 5:02 PM, James A. T. Rice wrote:
> ----------- nsp-security Confidential --------
>
>
> Hi Folks,
>
> If you're in one of the 1205 ASNs listed below, then you have open CLDAP amplifiers on your network which were used in an attack on the OpenStreetMap London tile server yesterday, 2019-01-31 starting at 0954Z. Full list of 3206 sources in the attached txt file.
>
> Please fix.
>
> Thanks
> James
>
>
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security counter-measures.
> _______________________________________________


