[nsp-sec] 9001: New UDP amplification port?

JASON CHAMBERS jchambers at ucla.edu
Wed Jul 14 11:02:12 EDT 2021


On Mon, Jul 12, 2021 at 11:03 PM Borja Marcos <borjamar at sarenet.es> wrote:

> ----------- nsp-security Confidential --------
>
> I heard from Ruckus today, they told me that they have identified an issue
> and they are testing the fixes.
>
> I am trying to dig out some more detail, I told them I would only share
> with a trusted community.
>
> Cheers,
>
>

We saw some activity from 80.82.76.6 in June 2021, a 45-minute scan of 253k
IPs.

July 2021 shows a flurry of activity, presumed to be community research.

IP, Proto, Port, Destinations, First, Last
     80.82.76.6| 17| 9001| 253445|2021/06/14T12:12:14|2021/06/14T12:59:01|
 146.88.240.248| 17| 9001| 179332|2021/07/02T18:09:20|2021/07/02T18:20:09|
  125.64.94.136| 17| 9001| 156073|2021/07/08T11:13:56|2021/07/09T01:57:22|
  125.64.94.138| 17| 9001|  90880|2021/07/08T11:13:15|2021/07/08T11:18:14|
   23.90.145.43| 17| 9001|  47637|2021/07/09T01:52:22|2021/07/09T01:52:36|
  125.64.94.144| 17| 9001|  29664|2021/07/09T01:57:26|2021/07/09T01:58:13|

80.82.76.6 -- City: Amsterdam -- State: North Holland -- Country: NL -- Continent: EU --- ASN/ISP: 202425 - IP Volume inc
146.88.240.248 -- City: Southfield -- State: Michigan -- Country: US -- Continent: NA --- ASN/ISP: 20052 - ARBOR
125.64.94.136 -- City: N/A -- State: N/A -- Country: CN -- Continent: AS --- ASN/ISP: 38283 - CHINANET SiChuan Telecom Internet Data Center
125.64.94.138 -- City: N/A -- State: N/A -- Country: CN -- Continent: AS --- ASN/ISP: 38283 - CHINANET SiChuan Telecom Internet Data Center
23.90.145.43 -- City: Frankfurt am Main -- State: Hesse -- Country: DE -- Continent: EU --- ASN/ISP: 21859 - ZNET
125.64.94.144 -- City: N/A -- State: N/A -- Country: CN -- Continent: AS --- ASN/ISP: 38283 - CHINANET SiChuan Telecom Internet Data Center

For the January to June 2021 timeframe, a different set of IPs was
observed, 205.185.114.55 being one of them:

IP, Proto, Port, Destinations, First, Last
 103.145.13.131| 17| 9001| 126881|2021/03/28T21:08:56|2021/04/02T03:31:49|
  185.16.38.106| 17| 9001| 122170|2021/01/23T04:44:58|2021/01/23T10:50:10|
 103.145.13.130| 17| 9001|  90142|2021/04/01T10:00:37|2021/04/01T10:34:46|
 205.185.114.55| 17| 9001|  19802|2021/03/05T13:14:54|2021/05/22T15:31:01|

103.145.13.131 -- City: N/A -- State: N/A -- Country: NL -- Continent: EU --- ASN/ISP: 213371 - ABC Consultancy
185.16.38.106 -- City: N/A -- State: N/A -- Country: PL -- Continent: EU --- ASN/ISP: 201814 - Meverywhere sp. z o.o.
103.145.13.130 -- City: N/A -- State: N/A -- Country: NL -- Continent: EU --- ASN/ISP: 213371 - ABC Consultancy
205.185.114.55 -- City: Las Vegas -- State: Nevada -- Country: US -- Continent: NA --- ASN/ISP: 53667 - PONYNET

Regards,

--Jason

