[nsp-sec] Cisco customers experiencing grief from 212.73.150.63

Dario Ciccarone (dciccaro) dciccaro at cisco.com
Thu Sep 19 23:22:17 EDT 2019


Thanks a lot, Rob! This is certainly enlightening.

What is the classification for this information? We are working internally with the forensics team, the TALOS guys and the Umbrella folks. Have *not yet* shared *any information* with any of them, besides a "it seems from other nsp-sec members that this particular host is hostile".

Let me know!

Thanks,
Dario

On 9/19/19, 8:03 PM, "nsp-security on behalf of Rabbi Rob Thomas" <nsp-security-bounces at puck.nether.net on behalf of robt at cymru.com> wrote:

    ----------- nsp-security Confidential --------
    
    Dear team,
    
    Okay we see 340 recent, *possible* victims (SYN+ACK packets returned,
    etc.) in the following ASNs.  Rather than spamming the list:  Team,
    please let me know if you'd like the list of IPs for your ASN.  I'm
    happy to send that along!
    
    All of our data continues to suggest that this is a targeted attack by
    212.73.150.63, beginning as far back as 2019-08-31 08:17:24 UTC.
    
    I'm going to go hunting for other hosts doing the same.  I'm going to
    see if I can spot the recon effort that predated this activity.  If
    there is anything else I can do to help, please don't hesitate to ask,
    Dario!
    
    
    702       UUNET - MCI Communications Services, Inc. d/b/a Verizon Business, US
    766       REDIRIS RedIRIS Autonomous System, ES
    1213      HEANET, IE
    2514      INFOSPHERE NTT PC Communications, Inc., JP
    3215      France Telecom - Orange, FR
    3462      HINET Data Communication Business Group, TW
    3561      CENTURYLINK-LEGACY-SAVVIS - CenturyLink Communications, LLC, US
    3741      IS, ZA
    4230      CLARO S.A., BR
    4618      INET-TH-AS Internet Thailand Company Limited, TH
    4637      ASN-TELSTRA-GLOBAL Telstra Global, HK
    4657      STARHUB-INTERNET StarHub Ltd, SG
    4755      TATACOMM-AS TATA Communications formerly VSNL is Leading ISP, IN
    4782      GSNET Data Communication Business Group, TW
    6421      AS6421 - TATA COMMUNICATIONS (AMERICA) INC, US
    8255      EURO-INFORMATION, FR
    9318      SKB-AS SK Broadband Co Ltd, KR
    9498      BBIL-AP BHARTI Airtel Ltd., IN
    9829      BSNL-NIB National Internet Backbone, IN
    10135     EASPNET-AS-AP EASPNET Inc., TW
    11179     ARYAKA-ARIN - Aryaka Networks, Inc., US
    12338     EUSKALTEL, ES
    13041     CESCA-AC, ES
    14061     DIGITALOCEAN-ASN - DigitalOcean, LLC, US
    14492     DATAPIPE - DataPipe, Inc., US
    15085     IMMEDION - Immedion, LLC, US
    15633     UOC-AS, ES
    15734     IDH Equinix Connect - Iberia, ES
    15964     CAMNET-AS, CM
    16371     ACENS_AS (Spain) Hosting, housing and VPN services, ES
    16509     AMAZON-02 - Amazon.com, Inc., US
    17408     ABOVE-AS-AP AboveNet Communications Taiwan, TW
    17547     M1NET-SG-AP M1 NET LTD, SG
    17762     HTIL-TTML-IN-AP Tata Teleservices Maharashtra Ltd, IN
    18101     RELIANCE-COMMUNICATIONS-IN Reliance Communications Ltd.DAKC MUMBAI, IN
    20164     JOANN-INET - JO-ANN STORES, LLC, US
    20228     NTUA - Navajo Tribal Utility Authority, US
    20337     SUNYPOLY-ASN - SUNY Institute of Technology, US
    20940     AKAMAI-ASN1, US
    22023     MZ - Machine Zone, Inc., US
    23688     LINK3-TECH-AS-BD-AP Link3 Technologies Ltd., BD
    24246     PNAPHKG001-AS-AP Internap Network Services, HK
    24309     CABLELITE-AS-AP Atria Convergence Technologies Pvt. Ltd. Broadband Internet Service Provider INDIA, IN
    25479     IC2-AS, ES
    25512     CDT-AS The Czech Republic, CZ
    25888     CPQ-CXO-IOMC - Hewlett-Packard Company, US
    26769     BANDCON - Bandcon, US
    27357     RACKSPACE - Rackspace Hosting, US
    28573     CLARO S.A., BR
    30815     DETASAD, SA
    34397     CYBERIA-RUH Cyberia Riyadh Autonomous System, SA
    35753     ITC ITC AS number, SA
    36884     MAROCCONNECT, MA
    36926     CKL1-ASN, KE
    37053     RSAWEB-AS, ZA
    37054     Telecom-Malagasy, MG
    37684     ANGANI-AS, KE
    38219     SKODAAUTOINDIA-AS-AP Skoda Auto India Pvt.Ltd., IN
    39522     CONVERGED, GB
    40523     OACYS-INTERNET - OACYS TECHNOLOGY, US
    42428     SPSNET Autonomous Number for Multihomed ISP Environment, SA
    43408     SECDATAEU, GB
    45187     RACKSPACE-AP Rackspace IT Hosting AS IT Hosting Provider Hong Kong, HK
    45271     ICLNET-AS-AP Idea Cellular Limited, IN
    45820     TTSL-MEISISP Tata Teleservices ISP AS, IN
    45992     CG-AS-KR Construction Guarantee Cooperative, KR
    50300     CUSTDC, GB
    51375     VIVA, BH
    53070     T-Systems Telecomunicações e Serviços Ltda., BR
    55423     JASTEL-NETWORK-TH-IDC-AP JasTel Network, TH
    55470     CYFUTURE-AS-IN Cyfuture India Pvt. Ltd., IN
    55824     NKN-CORE-NW NKN Core Network, IN
    56595     FLUENCY, GB
    57795     NGNETWORKS, NL
    58872     FUJITSU-IN Fujitsu Consulting India Pvt Ltd, IN
    58966     BENCHMARK-AS-IN Benchmark Infotech Services Pvt.Ltd., IN
    131195    SIM-SG-AS-AP SIM Headquarters, SG
    131458    WILLIAMSLEA-AS-AP WILLIAMS LEA INDIA PRIVATE LIMITED, IN
    132242    HOGARTHWW-SG Hogarth Worldwide Pte, SG
    132303    TATA-SKY-AS-AP Tata Sky Ltd, IN
    132519    SIKKACABLE-AS-IN Sikka Cable, IN
    132764    PINKEYIT-AS Pinkey Internet, IN
    133276    BIRLASOFT-AS Birlasoft IndiaLtd., IN
    135197    MCX-AS Multi Commodity Exchange Of India Ltd, IN
    198096    CICA Centro Informatico Cientifico de Andalucia - CICA, ES
    200521    SEAP-AGE, ES
    203708    AXEZ, NL
    206713    ASFTV, FR
    210137    LEAR-FRA, DE
    262494    Virtex Ltda, BR
    264159    Inexa Tecnologia LTDA., BR
    
    
    Be well,
    Rob.
    -- 
    Rabbi Rob Thomas                                           Team Cymru
       "It is easy to believe in freedom of speech for those with whom we
        agree." - Leo McKern
    
    
    _______________________________________________
    nsp-security mailing list
    nsp-security at puck.nether.net
    https://puck.nether.net/mailman/listinfo/nsp-security
    
    Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
    community. Confidentiality is essential for effective Internet security counter-measures.
    _______________________________________________
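The triage Rob describes above (hosts that returned SYN+ACK to the hostile source count as possible victims, grouped by ASN so each operator gets only its own list, with the earliest probe as the lower bound on when the activity began) as an added example; this is not code from the original post, from Cisco or from Team Cymru. It assumes a simple whitespace-separated flow record format ("timestamp src sport dst dport flags") and a prefix-to-ASN table; the flow records and the table are constructed for the example, the ASNs in the table are taken from the list in the message, but the prefixes are RFC 5737 documentation ranges, not those operators' real address space.

```python
"""Triage of flow records for a targeted scan: find the hosts that answered the
hostile source with SYN+ACK, group them by ASN, and date the earliest probe."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timezone
import ipaddress

HOSTILE = ipaddress.ip_address("212.73.150.63")  # the source named in the message


@dataclass(frozen=True)
class Flow:
    ts: datetime
    src: ipaddress.IPv4Address
    sport: int
    dst: ipaddress.IPv4Address
    dport: int
    flags: str  # TCP flag letters as seen on the wire, e.g. "S", "SA", "RA"


# Constructed sample records, not real telemetry: "ts src sport dst dport flags".
# 192.0.2.11 answers RST+ACK (closed port), 203.0.113.9 answers twice, and the
# last line is a SYN+ACK that has nothing to do with the hostile source.
SAMPLE_FLOWS = """\
2019-08-31T08:17:24Z 212.73.150.63 50001 192.0.2.10 22 S
2019-08-31T08:17:24Z 192.0.2.10 22 212.73.150.63 50001 SA
2019-08-31T08:17:25Z 212.73.150.63 50002 192.0.2.11 22 S
2019-08-31T08:17:25Z 192.0.2.11 22 212.73.150.63 50002 RA
2019-09-02T11:05:00Z 212.73.150.63 50003 198.51.100.7 443 S
2019-09-02T11:05:00Z 198.51.100.7 443 212.73.150.63 50003 SA
2019-09-18T03:00:00Z 212.73.150.63 50004 203.0.113.9 22 S
2019-09-18T03:00:01Z 203.0.113.9 22 212.73.150.63 50004 SA
2019-09-18T03:00:05Z 203.0.113.9 22 212.73.150.63 50004 SA
2019-09-18T04:00:00Z 198.51.100.200 22 192.0.2.10 40000 SA
"""

# Constructed prefix-to-ASN map (assumption): ASNs from the message's list,
# prefixes are RFC 5737 documentation ranges, not those networks' real space.
SAMPLE_PREFIXES = {
    ipaddress.ip_network("192.0.2.0/24"): 14061,
    ipaddress.ip_network("198.51.100.0/25"): 16509,
    ipaddress.ip_network("203.0.113.0/24"): 3215,
}


def parse_flows(text):
    """Parse one whitespace-separated record per line into Flow objects."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, sport, dst, dport, flags = line.split()
        flows.append(Flow(
            ts=datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
            src=ipaddress.ip_address(src), sport=int(sport),
            dst=ipaddress.ip_address(dst), dport=int(dport), flags=flags,
        ))
    return flows


def possible_victims(flows, hostile=HOSTILE):
    """Hosts that sent SYN+ACK back to the hostile source.

    A SYN+ACK means the probed port was open and the handshake got past the
    first step, so the host is a *possible* victim, not a confirmed one.
    RST+ACK replies (closed port) and SYN+ACKs to anyone else are ignored.
    Returns {victim_ip: (first_seen, {service ports that answered})}.
    """
    seen = {}
    for f in flows:
        if f.dst != hostile or "S" not in f.flags or "A" not in f.flags:
            continue
        first, ports = seen.get(f.src, (f.ts, set()))
        ports.add(f.sport)  # the victim's own port is the source port of the reply
        seen[f.src] = (min(first, f.ts), ports)
    return seen


def asn_for(ip, prefixes=SAMPLE_PREFIXES):
    """Longest-prefix match of ip against the prefix->ASN table, or None."""
    best = None
    for net, asn in prefixes.items():
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, asn)
    return best[1] if best else None


def victims_by_asn(victims, prefixes=SAMPLE_PREFIXES):
    """Group victim IPs by ASN so each operator receives only its own hosts."""
    grouped = defaultdict(list)
    for ip in victims:
        grouped[asn_for(ip, prefixes)].append(str(ip))
    return {asn: sorted(ips) for asn, ips in grouped.items()}


def campaign_start(flows, hostile=HOSTILE):
    """Earliest bare SYN from the hostile source: lower bound on when it began."""
    probes = [f.ts for f in flows if f.src == hostile and f.flags == "S"]
    return min(probes) if probes else None


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    victims = possible_victims(flows)
    print("activity begins as far back as", campaign_start(flows).isoformat())
    for asn, ips in sorted(victims_by_asn(victims).items()):
        print(f"AS{asn}: {', '.join(ips)}")
```

The "possible" qualifier matters in practice: a SYN+ACK only proves the port was open and reachable, so the per-ASN lists are a starting point for each operator's own host-level checks, not a list of compromised machines.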
    


