nanog mailing list archives

DNS DDoS - New Hosts


From: Andrew Fried <andrew.fried () gmail com>
Date: Tue, 27 Jan 2009 10:13:46 -0500

As of 10:10am (EST) new hosts are now being targeted in the DDoS.
Interestingly enough, two of the IP addresses are in China.  Attached is
a file containing the geoip/whois and peering information for the
targeted systems.

+----------------+-------------+
| host           | count(host) |
+----------------+-------------+
| 202.104.106.49 |          45 |
| 210.21.218.138 |          48 |
| 63.217.28.226  |        1153 |
| 64.57.246.146  |        1559 |
| 67.192.144.0   |       11765 |
| 76.9.16.171    |         582 |
+----------------+-------------+

-- 
Andrew Fried
andrew.fried () gmail com





GeoIP Location Information for IP: 202.104.106.49
        Located in: Boshi, 26 (CN)
        Latitude: 34.7667
        Longitude: 110.0500
        Area Code: 
        Postal Code: 

ARIN information for: 202.104.106.49
        DNS PTR Record:    
        Registrar:         apnic
        ASN Number:        AS4134
        Country:           CN
        Ip Starting Block: 202.104.0.0
        IP Ending Block:   202.105.255.255
        IP Block Size:     131072
        Date Registered:   19980817
        Block Status:      allocated

BGP Peering Information for ASN4134:

PEER_AS | IP               | BGP Prefix          | CC | Registry | Allocated  | AS Name
174     | 202.104.106.49   | 202.104.0.0/17      | CN | apnic    | 1998-08-17 | COGENT Cogent/PSI
1239    | 202.104.106.49   | 202.104.0.0/17      | CN | apnic    | 1998-08-17 | SPRINTLINK - Sprint
1299    | 202.104.106.49   | 202.104.0.0/17      | CN | apnic    | 1998-08-17 | TELIANET TeliaNet Global Network
2516    | 202.104.106.49   | 202.104.0.0/17      | CN | apnic    | 1998-08-17 | KDDI KDDI CORPORATION
2828    | 202.104.106.49   | 202.104.0.0/17      | CN | apnic    | 1998-08-17 | XO-AS15 - XO Communications
2914    | 202.104.106.49   | 202.104.0.0/17      | CN | apnic    | 1998-08-17 | NTT-COMMUNICATIONS-2914 - NTT America, Inc.
3257    | 202.104.106.49   | 202.104.0.0/17      | CN | apnic    | 1998-08-17 | TISCALI-BACKBONE Tiscali Intl Network BV
3320    | 202.104.106.49   | 202.104.0.0/17      | CN | apnic    | 1998-08-17 | DTAG Deutsche Telekom AG
3491    | 202.104.106.49   | 202.104.0.0/17      | CN | apnic    | 1998-08-17 | BTN-ASN - Beyond The Network America, Inc.
3549    | 202.104.106.49   | 202.104.0.0/17      | CN | apnic    | 1998-08-17 | GBLX Global Crossing Ltd.
7132    | 202.104.106.49   | 202.104.0.0/17      | CN | apnic    | 1998-08-17 | SBIS-AS - AT&T Internet Services
7473    | 202.104.106.49   | 202.104.0.0/17      | CN | apnic    | 1998-08-17 | SINGTEL-AS-AP Singapore Telecommunications Ltd
11164   | 202.104.106.49   | 202.104.0.0/17      | CN | apnic    | 1998-08-17 | TRANSITRAIL - National LambdaRail, LLC






GeoIP Location Information for IP: 210.21.218.138
        Located in: Shenzhen, 30 (CN)
        Latitude: 22.5333
        Longitude: 114.1333
        Area Code: 
        Postal Code: 

ARIN information for: 210.21.218.138
        DNS PTR Record:    sym.gdsz.cncnet.net.
        Registrar:         apnic
        ASN Number:        AS17623
        Country:           CN
        Ip Starting Block: 210.21.128.0
        IP Ending Block:   210.21.255.255
        IP Block Size:     32768
        Date Registered:   20001017
        Block Status:      allocated

BGP Peering Information for ASN17623:

PEER_AS | IP               | BGP Prefix          | CC | Registry | Allocated  | AS Name
4837    | 210.21.218.138   | 210.21.192.0/18     | CN | apnic    | 2000-10-17 | CHINA169-BACKBONE CNCGROUP China169 Backbone




GeoIP Location Information for IP: 63.217.28.226
        Located in: Herndon, VA (US)
        Latitude: 38.9841
        Longitude: -77.3827
        Area Code: 703
        Postal Code: 20170

ARIN information for: 63.217.28.226
        DNS PTR Record:    63-217-28-226.static.pccwglobal.net.
        Registrar:         arin
        ASN Number:        AS3491
        Country:           US
        Ip Starting Block: 63.216.0.0
        IP Ending Block:   63.223.255.255
        IP Block Size:     524288
        Date Registered:   19991209
        Block Status:      allocated

BGP Peering Information for ASN3491:

PEER_AS | IP               | BGP Prefix          | CC | Registry | Allocated  | AS Name
174     | 63.217.28.226    | 63.216.0.0/13       | US | arin     | 1999-12-09 | COGENT Cogent/PSI
701     | 63.217.28.226    | 63.216.0.0/13       | US | arin     | 1999-12-09 | UUNET - MCI Communications Services, Inc. d/b/a Verizon Business
1299    | 63.217.28.226    | 63.216.0.0/13       | US | arin     | 1999-12-09 | TELIANET TeliaNet Global Network
2516    | 63.217.28.226    | 63.216.0.0/13       | US | arin     | 1999-12-09 | KDDI KDDI CORPORATION
2828    | 63.217.28.226    | 63.216.0.0/13       | US | arin     | 1999-12-09 | XO-AS15 - XO Communications
3549    | 63.217.28.226    | 63.216.0.0/13       | US | arin     | 1999-12-09 | GBLX Global Crossing Ltd.
4565    | 63.217.28.226    | 63.216.0.0/13       | US | arin     | 1999-12-09 | MEGAPATH2-US - MegaPath Networks Inc.
4657    | 63.217.28.226    | 63.216.0.0/13       | US | arin     | 1999-12-09 | STARHUBINTERNET-AS Starhub Internet, Singapore
6695    | 63.217.28.226    | 63.216.0.0/13       | US | arin     | 1999-12-09 | DECIX-AS DE-CIX, the German Internet Exchange
7132    | 63.217.28.226    | 63.216.0.0/13       | US | arin     | 1999-12-09 | SBIS-AS - AT&T Internet Services
7473    | 63.217.28.226    | 63.216.0.0/13       | US | arin     | 1999-12-09 | SINGTEL-AS-AP Singapore Telecommunications Ltd
10310   | 63.217.28.226    | 63.216.0.0/13       | US | arin     | 1999-12-09 | YAHOO-1 - Yahoo!
11164   | 63.217.28.226    | 63.216.0.0/13       | US | arin     | 1999-12-09 | TRANSITRAIL - National LambdaRail, LLC








GeoIP Location Information for IP: 64.57.246.146
        Located in: Suwanee, GA (US)
        Latitude: 34.0535
        Longitude: -84.0659
        Area Code: 770
        Postal Code: 30024

ARIN information for: 64.57.246.146
        DNS PTR Record:    virtus.vps.4tvirtual.com.
        Registrar:         arin
        ASN Number:        AS20141
        Country:           US
        Ip Starting Block: 64.57.240.0
        IP Ending Block:   64.57.255.255
        IP Block Size:     4096
        Date Registered:   20051012
        Block Status:      allocated

BGP Peering Information for ASN20141:

PEER_AS | IP               | BGP Prefix          | CC | Registry | Allocated  | AS Name
6983    | 64.57.246.146    | 64.57.240.0/20      | US | arin     | 2005-10-12 | ITCDELTA - ITC^Deltacom
14745   | 64.57.246.146    | 64.57.240.0/20      | US | arin     | 2005-10-12 | INTERNAP-BLOCK-4 - Internap Network Services Corporation




GeoIP Location Information for IP: 67.192.144.0
        Located in: San Antonio, TX (US)
        Latitude: 29.5073
        Longitude: -98.5747
        Area Code: 210
        Postal Code: 78229

ARIN information for: 67.192.144.0
        DNS PTR Record:    
        Registrar:         arin
        ASN Number:        AS33070
        Country:           US
        Ip Starting Block: 67.192.0.0
        IP Ending Block:   67.192.255.255
        IP Block Size:     65536
        Date Registered:   20070716
        Block Status:      allocated

BGP Peering Information for ASN33070:

PEER_AS | IP               | BGP Prefix          | CC | Registry | Allocated  | AS Name
209     | 67.192.144.0     | 67.192.128.0/18     | US | arin     | 2007-07-16 | ASN-QWEST - Qwest Communications Corporation
1299    | 67.192.144.0     | 67.192.128.0/18     | US | arin     | 2007-07-16 | TELIANET TeliaNet Global Network
2914    | 67.192.144.0     | 67.192.128.0/18     | US | arin     | 2007-07-16 | NTT-COMMUNICATIONS-2914 - NTT America, Inc.
6461    | 67.192.144.0     | 67.192.128.0/18     | US | arin     | 2007-07-16 | MFNX MFN - Metromedia Fiber Network
7018    | 67.192.144.0     | 67.192.128.0/18     | US | arin     | 2007-07-16 | ATT-INTERNET4 - AT&T WorldNet Services




GeoIP Location Information for IP: 76.9.16.171
        Located in: Weehawken, NJ (US)
        Latitude: 40.7685
        Longitude: -74.0199
        Area Code: 201
        Postal Code: 07086

ARIN information for: 76.9.16.171
        DNS PTR Record:    
        Registrar:         arin
        ASN Number:        AS23393
        Country:           US
        Ip Starting Block: 76.9.0.0
        IP Ending Block:   76.9.31.255
        IP Block Size:     8192
        Date Registered:   20070208
        Block Status:      allocated

BGP Peering Information for ASN23393:

PEER_AS | IP               | BGP Prefix          | CC | Registry | Allocated  | AS Name
2516    | 76.9.16.171      | 76.9.0.0/19         | US | arin     | 2007-02-08 | KDDI KDDI CORPORATION
3257    | 76.9.16.171      | 76.9.0.0/19         | US | arin     | 2007-02-08 | TISCALI-BACKBONE Tiscali Intl Network BV
3356    | 76.9.16.171      | 76.9.0.0/19         | US | arin     | 2007-02-08 | LEVEL3 Level 3 Communications
4565    | 76.9.16.171      | 76.9.0.0/19         | US | arin     | 2007-02-08 | MEGAPATH2-US - MegaPath Networks Inc.
6453    | 76.9.16.171      | 76.9.0.0/19         | US | arin     | 2007-02-08 | GLOBEINTERNET TATA Communications






