the attack continues..

Paul Ferguson fergdawgster at gmail.com
Sat Oct 18 15:08:46 CDT 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sat, Oct 18, 2008 at 12:52 PM, Beavis <pfunix at gmail.com> wrote:

> I'm hosting the company's site and we're not running any type of
> promotions other than the ones that we have. this is a typical
> scenario for sites that host these type of content to get attacked.
>
> If only i can get through one of those IP's and get the program that's
> running on them (bot) that will give me a clue where it goes.
>
> Attacker IP's these guys are just persistent they are trying to hit
> port 80 on a dns box.
>
> 92.124.174.10
> 89.252.28.60
> 91.124.110.98
> 98.25.64.170
> 92.112.229.94
> 75.186.69.225
> 89.113.48.227
> 87.103.174.101
> 84.47.161.244
> 89.169.111.90
> 92.112.145.158
> 85.141.238.233
> 91.202.109.72
> 89.222.217.116
> 193.109.241.45
> 212.192.251.11
> 213.252.64.74
> 91.200.8.6
> 92.113.10.101
> 200.11.153.142
> 80.55.213.118
> 200.43.3.153
>

Well, good luck with all that -- it would appear that all of the hosts
attacking you are botnet'ed residential broadband machines:

92.124.174.10  -PTR-> host-92-124-174-10.pppoe.omsknet.ru
89.252.28.60   -PTR-> NXDOMAIN
91.124.110.98  -PTR-> 98-110-124-91.pool.ukrtel.net
98.25.64.170   -PTR-> cpe-098-025-064-170.sc.res.rr.com
92.112.229.94  -PTR-> 94-229-112-92.pool.ukrtel.net
75.186.69.225  -PTR-> cpe-75-186-69-225.cinci.res.rr.com
89.113.48.227  -PTR-> 89-113-48-227.nat.dsl.orel.ru
87.103.174.101 -PTR-> 87-103-174-101.pppoe.irtel.ru
84.47.161.244  -PTR-> 84-47-161-244.apmt.ru

[...]

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.3 (Build 3017)

wj8DBQFI+kJBq1pz9mNUZTMRApbGAJ9WamkW06pTb+SpWUn0rirpQZf/KgCg1APq
LPs4/rDH8wPmAk6bvl+FpI4=
=N1VC
-----END PGP SIGNATURE-----



-- 
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawgster(at)gmail.com
 ferg's tech blog: http://fergdawg.blogspot.com/




More information about the NANOG mailing list