[nsp-sec] Cisco customers experiencing grief from 212.73.150.63

Rabbi Rob Thomas robt at cymru.com
Thu Sep 19 20:02:24 EDT 2019



Dear team,

Okay, we see 340 recent, *possible* victims (SYN+ACK packets returned,
etc.) in the following ASNs.  Rather than spamming the list:  Team,
please let me know if you'd like the list of IPs for your ASN.  I'm
happy to send that along!

All of our data continues to suggest that this is a targeted attack by
212.73.150.63, beginning as far back as 2019-08-31 08:17:24 UTC.

I'm going to go hunting for other hosts doing the same.  I'm going to
see if I can spot the recon effort that predated this activity.  If
there is anything else I can do to help, please don't hesitate to ask,
Dario!


702       UUNET - MCI Communications Services, Inc. d/b/a Verizon Business, US
766       REDIRIS RedIRIS Autonomous System, ES
1213      HEANET, IE
2514      INFOSPHERE NTT PC Communications, Inc., JP
3215      France Telecom - Orange, FR
3462      HINET Data Communication Business Group, TW
3561      CENTURYLINK-LEGACY-SAVVIS - CenturyLink Communications, LLC, US
3741      IS, ZA
4230      CLARO S.A., BR
4618      INET-TH-AS Internet Thailand Company Limited, TH
4637      ASN-TELSTRA-GLOBAL Telstra Global, HK
4657      STARHUB-INTERNET StarHub Ltd, SG
4755      TATACOMM-AS TATA Communications formerly VSNL is Leading ISP, IN
4782      GSNET Data Communication Business Group, TW
6421      AS6421 - TATA COMMUNICATIONS (AMERICA) INC, US
8255      EURO-INFORMATION, FR
9318      SKB-AS SK Broadband Co Ltd, KR
9498      BBIL-AP BHARTI Airtel Ltd., IN
9829      BSNL-NIB National Internet Backbone, IN
10135     EASPNET-AS-AP EASPNET Inc., TW
11179     ARYAKA-ARIN - Aryaka Networks, Inc., US
12338     EUSKALTEL, ES
13041     CESCA-AC, ES
14061     DIGITALOCEAN-ASN - DigitalOcean, LLC, US
14492     DATAPIPE - DataPipe, Inc., US
15085     IMMEDION - Immedion, LLC, US
15633     UOC-AS, ES
15734     IDH Equinix Connect - Iberia, ES
15964     CAMNET-AS, CM
16371     ACENS_AS (Spain) Hosting, housing and VPN services, ES
16509     AMAZON-02 - Amazon.com, Inc., US
17408     ABOVE-AS-AP AboveNet Communications Taiwan, TW
17547     M1NET-SG-AP M1 NET LTD, SG
17762     HTIL-TTML-IN-AP Tata Teleservices Maharashtra Ltd, IN
18101     RELIANCE-COMMUNICATIONS-IN Reliance Communications Ltd.DAKC MUMBAI, IN
20164     JOANN-INET - JO-ANN STORES, LLC, US
20228     NTUA - Navajo Tribal Utility Authority, US
20337     SUNYPOLY-ASN - SUNY Institute of Technology, US
20940     AKAMAI-ASN1, US
22023     MZ - Machine Zone, Inc., US
23688     LINK3-TECH-AS-BD-AP Link3 Technologies Ltd., BD
24246     PNAPHKG001-AS-AP Internap Network Services, HK
24309     CABLELITE-AS-AP Atria Convergence Technologies Pvt. Ltd. Broadband Internet Service Provider INDIA, IN
25479     IC2-AS, ES
25512     CDT-AS The Czech Republic, CZ
25888     CPQ-CXO-IOMC - Hewlett-Packard Company, US
26769     BANDCON - Bandcon, US
27357     RACKSPACE - Rackspace Hosting, US
28573     CLARO S.A., BR
30815     DETASAD, SA
34397     CYBERIA-RUH Cyberia Riyadh Autonomous System, SA
35753     ITC ITC AS number, SA
36884     MAROCCONNECT, MA
36926     CKL1-ASN, KE
37053     RSAWEB-AS, ZA
37054     Telecom-Malagasy, MG
37684     ANGANI-AS, KE
38219     SKODAAUTOINDIA-AS-AP Skoda Auto India Pvt.Ltd., IN
39522     CONVERGED, GB
40523     OACYS-INTERNET - OACYS TECHNOLOGY, US
42428     SPSNET Autonomous Number for Multihomed ISP Environment, SA
43408     SECDATAEU, GB
45187     RACKSPACE-AP Rackspace IT Hosting AS IT Hosting Provider Hong Kong, HK
45271     ICLNET-AS-AP Idea Cellular Limited, IN
45820     TTSL-MEISISP Tata Teleservices ISP AS, IN
45992     CG-AS-KR Construction Guarantee Cooperative, KR
50300     CUSTDC, GB
51375     VIVA, BH
53070     T-Systems Telecomunicações e Serviços Ltda., BR
55423     JASTEL-NETWORK-TH-IDC-AP JasTel Network, TH
55470     CYFUTURE-AS-IN Cyfuture India Pvt. Ltd., IN
55824     NKN-CORE-NW NKN Core Network, IN
56595     FLUENCY, GB
57795     NGNETWORKS, NL
58872     FUJITSU-IN Fujitsu Consulting India Pvt Ltd, IN
58966     BENCHMARK-AS-IN Benchmark Infotech Services Pvt.Ltd., IN
131195    SIM-SG-AS-AP SIM Headquarters, SG
131458    WILLIAMSLEA-AS-AP WILLIAMS LEA INDIA PRIVATE LIMITED, IN
132242    HOGARTHWW-SG Hogarth Worldwide Pte, SG
132303    TATA-SKY-AS-AP Tata Sky Ltd, IN
132519    SIKKACABLE-AS-IN Sikka Cable, IN
132764    PINKEYIT-AS Pinkey Internet, IN
133276    BIRLASOFT-AS Birlasoft IndiaLtd., IN
135197    MCX-AS Multi Commodity Exchange Of India Ltd, IN
198096    CICA Centro Informatico Cientifico de Andalucia - CICA, ES
200521    SEAP-AGE, ES
203708    AXEZ, NL
206713    ASFTV, FR
210137    LEAR-FRA, DE
262494    Virtex Ltda, BR
264159    Inexa Tecnologia LTDA., BR


Be well,
Rob.
-- 
Rabbi Rob Thomas                                           Team Cymru
   "It is easy to believe in freedom of speech for those with whom we
    agree." - Leo McKern
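
One way a recipient could check their own flow data for the pattern the message describes (SYN+ACK returned to 212.73.150.63 since 2019-08-31 08:17:24 UTC). This is an added example, not part of the original message; the CSV column layout, the sample addresses and the ports are constructed assumptions.

```python
import csv
import io
from datetime import datetime, timezone
from ipaddress import ip_address

SUSPECT = ip_address("212.73.150.63")                          # from the message
SINCE = datetime(2019, 8, 31, 8, 17, 24, tzinfo=timezone.utc)  # from the message
SYN, ACK = 0x02, 0x10

# Constructed sample flow export; 192.0.2.0/24 and 198.51.100.0/24 are
# documentation ranges and the ports are arbitrary.
# Assumed columns: start (UTC), src, dst, sport, dport, cumulative TCP flags.
SAMPLE_FLOWS = """\
2019-08-30T23:10:02Z,192.0.2.10,212.73.150.63,22,40112,0x12
2019-09-02T04:11:09Z,212.73.150.63,192.0.2.10,40113,22,0x02
2019-09-02T04:11:09Z,192.0.2.10,212.73.150.63,22,40113,0x12
2019-09-02T04:11:10Z,192.0.2.11,212.73.150.63,22,40114,0x14
2019-09-03T17:45:31Z,192.0.2.12,212.73.150.63,443,51820,0x1a
2019-09-03T17:45:40Z,192.0.2.12,198.51.100.7,443,51821,0x12
"""


def possible_victims(flow_csv, suspect=SUSPECT, since=SINCE):
    """Return {local_ip: {"first_seen": datetime, "ports": [int, ...]}} for
    hosts that sent a SYN+ACK to `suspect` at or after `since`."""
    hits = {}
    for row in csv.reader(io.StringIO(flow_csv)):
        if not row:
            continue
        ts, src, dst, sport, _dport, flags = row
        when = datetime.fromisoformat(ts.replace("Z", "+00:00"))
        if ip_address(dst) != suspect or when < since:
            continue  # not a reply to the suspect, or before the stated start
        # A reply carrying both SYN and ACK means the local service accepted
        # the connection; an RST+ACK (0x14, closed port) has no SYN bit.
        if (int(flags, 16) & (SYN | ACK)) != (SYN | ACK):
            continue
        entry = hits.setdefault(src, {"first_seen": when, "ports": set()})
        entry["first_seen"] = min(entry["first_seen"], when)
        entry["ports"].add(int(sport))
    return {ip: {"first_seen": e["first_seen"], "ports": sorted(e["ports"])}
            for ip, e in hits.items()}


if __name__ == "__main__":
    for ip, info in sorted(possible_victims(SAMPLE_FLOWS).items()):
        print(ip, info["first_seen"].isoformat(), info["ports"])
```
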

