[111025] in North American Network Operators' Group
DNS DDoS - New Hosts
daemon@ATHENA.MIT.EDU (Andrew Fried)
Tue Jan 27 10:13:58 2009
Date: Tue, 27 Jan 2009 10:13:46 -0500
From: Andrew Fried <andrew.fried@gmail.com>
To: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
As of 10:10am (EST) new hosts are now being targeted in the DDoS.
Interestingly enough, two of the IP addresses are in China. Attached is
a file containing the geoip/whois and peering information for the
targeted systems.
+----------------+-------------+
| host | count(host) |
+----------------+-------------+
| 202.104.106.49 | 45 |
| 210.21.218.138 | 48 |
| 63.217.28.226 | 1153 |
| 64.57.246.146 | 1559 |
| 67.192.144.0 | 11765 |
| 76.9.16.171 | 582 |
+----------------+-------------+
--
Andrew Fried
andrew.fried@gmail.com
[Attachment: ddos-20090127-1010.txt]
GeoIP Location Information for IP: 202.104.106.49
Located in: Boshi, 26 (CN)
Latitude: 34.7667
Longitude: 110.0500
Area Code:
Postal Code:
ARIN information for: 202.104.106.49
DNS PTR Record:
Registrar: apnic
ASN Number: AS4134
Country: CN
Ip Starting Block: 202.104.0.0
IP Ending Block: 202.105.255.255
IP Block Size: 131072
Date Registered: 19980817
Block Status: allocated
BGP Peering Information for ASN4134:
PEER_AS | IP | BGP Prefix | CC | Registry | Allocated | AS Name
174 | 202.104.106.49 | 202.104.0.0/17 | CN | apnic | 1998-08-17 | COGENT Cogent/PSI
1239 | 202.104.106.49 | 202.104.0.0/17 | CN | apnic | 1998-08-17 | SPRINTLINK - Sprint
1299 | 202.104.106.49 | 202.104.0.0/17 | CN | apnic | 1998-08-17 | TELIANET TeliaNet Global Network
2516 | 202.104.106.49 | 202.104.0.0/17 | CN | apnic | 1998-08-17 | KDDI KDDI CORPORATION
2828 | 202.104.106.49 | 202.104.0.0/17 | CN | apnic | 1998-08-17 | XO-AS15 - XO Communications
2914 | 202.104.106.49 | 202.104.0.0/17 | CN | apnic | 1998-08-17 | NTT-COMMUNICATIONS-2914 - NTT America, Inc.
3257 | 202.104.106.49 | 202.104.0.0/17 | CN | apnic | 1998-08-17 | TISCALI-BACKBONE Tiscali Intl Network BV
3320 | 202.104.106.49 | 202.104.0.0/17 | CN | apnic | 1998-08-17 | DTAG Deutsche Telekom AG
3491 | 202.104.106.49 | 202.104.0.0/17 | CN | apnic | 1998-08-17 | BTN-ASN - Beyond The Network America, Inc.
3549 | 202.104.106.49 | 202.104.0.0/17 | CN | apnic | 1998-08-17 | GBLX Global Crossing Ltd.
7132 | 202.104.106.49 | 202.104.0.0/17 | CN | apnic | 1998-08-17 | SBIS-AS - AT&T Internet Services
7473 | 202.104.106.49 | 202.104.0.0/17 | CN | apnic | 1998-08-17 | SINGTEL-AS-AP Singapore Telecommunications Ltd
11164 | 202.104.106.49 | 202.104.0.0/17 | CN | apnic | 1998-08-17 | TRANSITRAIL - National LambdaRail, LLC
GeoIP Location Information for IP: 210.21.218.138
Located in: Shenzhen, 30 (CN)
Latitude: 22.5333
Longitude: 114.1333
Area Code:
Postal Code:
ARIN information for: 210.21.218.138
DNS PTR Record: sym.gdsz.cncnet.net.
Registrar: apnic
ASN Number: AS17623
Country: CN
Ip Starting Block: 210.21.128.0
IP Ending Block: 210.21.255.255
IP Block Size: 32768
Date Registered: 20001017
Block Status: allocated
BGP Peering Information for ASN17623:
PEER_AS | IP | BGP Prefix | CC | Registry | Allocated | AS Name
4837 | 210.21.218.138 | 210.21.192.0/18 | CN | apnic | 2000-10-17 | CHINA169-BACKBONE CNCGROUP China169 Backbone
GeoIP Location Information for IP: 63.217.28.226
Located in: Herndon, VA (US)
Latitude: 38.9841
Longitude: -77.3827
Area Code: 703
Postal Code: 20170
ARIN information for: 63.217.28.226
DNS PTR Record: 63-217-28-226.static.pccwglobal.net.
Registrar: arin
ASN Number: AS3491
Country: US
Ip Starting Block: 63.216.0.0
IP Ending Block: 63.223.255.255
IP Block Size: 524288
Date Registered: 19991209
Block Status: allocated
BGP Peering Information for ASN3491:
PEER_AS | IP | BGP Prefix | CC | Registry | Allocated | AS Name
174 | 63.217.28.226 | 63.216.0.0/13 | US | arin | 1999-12-09 | COGENT Cogent/PSI
701 | 63.217.28.226 | 63.216.0.0/13 | US | arin | 1999-12-09 | UUNET - MCI Communications Services, Inc. d/b/a Verizon Business
1299 | 63.217.28.226 | 63.216.0.0/13 | US | arin | 1999-12-09 | TELIANET TeliaNet Global Network
2516 | 63.217.28.226 | 63.216.0.0/13 | US | arin | 1999-12-09 | KDDI KDDI CORPORATION
2828 | 63.217.28.226 | 63.216.0.0/13 | US | arin | 1999-12-09 | XO-AS15 - XO Communications
3549 | 63.217.28.226 | 63.216.0.0/13 | US | arin | 1999-12-09 | GBLX Global Crossing Ltd.
4565 | 63.217.28.226 | 63.216.0.0/13 | US | arin | 1999-12-09 | MEGAPATH2-US - MegaPath Networks Inc.
4657 | 63.217.28.226 | 63.216.0.0/13 | US | arin | 1999-12-09 | STARHUBINTERNET-AS Starhub Internet, Singapore
6695 | 63.217.28.226 | 63.216.0.0/13 | US | arin | 1999-12-09 | DECIX-AS DE-CIX, the German Internet Exchange
7132 | 63.217.28.226 | 63.216.0.0/13 | US | arin | 1999-12-09 | SBIS-AS - AT&T Internet Services
7473 | 63.217.28.226 | 63.216.0.0/13 | US | arin | 1999-12-09 | SINGTEL-AS-AP Singapore Telecommunications Ltd
10310 | 63.217.28.226 | 63.216.0.0/13 | US | arin | 1999-12-09 | YAHOO-1 - Yahoo!
11164 | 63.217.28.226 | 63.216.0.0/13 | US | arin | 1999-12-09 | TRANSITRAIL - National LambdaRail, LLC
GeoIP Location Information for IP: 64.57.246.146
Located in: Suwanee, GA (US)
Latitude: 34.0535
Longitude: -84.0659
Area Code: 770
Postal Code: 30024
ARIN information for: 64.57.246.146
DNS PTR Record: virtus.vps.4tvirtual.com.
Registrar: arin
ASN Number: AS20141
Country: US
Ip Starting Block: 64.57.240.0
IP Ending Block: 64.57.255.255
IP Block Size: 4096
Date Registered: 20051012
Block Status: allocated
BGP Peering Information for ASN20141:
PEER_AS | IP | BGP Prefix | CC | Registry | Allocated | AS Name
6983 | 64.57.246.146 | 64.57.240.0/20 | US | arin | 2005-10-12 | ITCDELTA - ITC^Deltacom
14745 | 64.57.246.146 | 64.57.240.0/20 | US | arin | 2005-10-12 | INTERNAP-BLOCK-4 - Internap Network Services Corporation
GeoIP Location Information for IP: 67.192.144.0
Located in: San Antonio, TX (US)
Latitude: 29.5073
Longitude: -98.5747
Area Code: 210
Postal Code: 78229
ARIN information for: 67.192.144.0
DNS PTR Record:
Registrar: arin
ASN Number: AS33070
Country: US
Ip Starting Block: 67.192.0.0
IP Ending Block: 67.192.255.255
IP Block Size: 65536
Date Registered: 20070716
Block Status: allocated
BGP Peering Information for ASN33070:
PEER_AS | IP | BGP Prefix | CC | Registry | Allocated | AS Name
209 | 67.192.144.0 | 67.192.128.0/18 | US | arin | 2007-07-16 | ASN-QWEST - Qwest Communications Corporation
1299 | 67.192.144.0 | 67.192.128.0/18 | US | arin | 2007-07-16 | TELIANET TeliaNet Global Network
2914 | 67.192.144.0 | 67.192.128.0/18 | US | arin | 2007-07-16 | NTT-COMMUNICATIONS-2914 - NTT America, Inc.
6461 | 67.192.144.0 | 67.192.128.0/18 | US | arin | 2007-07-16 | MFNX MFN - Metromedia Fiber Network
7018 | 67.192.144.0 | 67.192.128.0/18 | US | arin | 2007-07-16 | ATT-INTERNET4 - AT&T WorldNet Services
GeoIP Location Information for IP: 76.9.16.171
Located in: Weehawken, NJ (US)
Latitude: 40.7685
Longitude: -74.0199
Area Code: 201
Postal Code: 07086
ARIN information for: 76.9.16.171
DNS PTR Record:
Registrar: arin
ASN Number: AS23393
Country: US
Ip Starting Block: 76.9.0.0
IP Ending Block: 76.9.31.255
IP Block Size: 8192
Date Registered: 20070208
Block Status: allocated
BGP Peering Information for ASN23393:
PEER_AS | IP | BGP Prefix | CC | Registry | Allocated | AS Name
2516 | 76.9.16.171 | 76.9.0.0/19 | US | arin | 2007-02-08 | KDDI KDDI CORPORATION
3257 | 76.9.16.171 | 76.9.0.0/19 | US | arin | 2007-02-08 | TISCALI-BACKBONE Tiscali Intl Network BV
3356 | 76.9.16.171 | 76.9.0.0/19 | US | arin | 2007-02-08 | LEVEL3 Level 3 Communications
4565 | 76.9.16.171 | 76.9.0.0/19 | US | arin | 2007-02-08 | MEGAPATH2-US - MegaPath Networks Inc.
6453 | 76.9.16.171 | 76.9.0.0/19 | US | arin | 2007-02-08 | GLOBEINTERNET TATA Communications