[GTER] DDoS Attack

Glauber Derlland glauber at vescnet.com.br
Mon Oct 5 07:35:47 -03 2015


Good morning,

Is anyone facing this type of attack?

Sep/29/2015 19:56:55 , proto UDP, 88.250.183.167:1900->XXX.XXX.XXX.XXX:80,
len 266
Sep/29/2015 19:56:55 , proto UDP, 95.9.114.232:1900->XXX.XXX.XXX.XXX:80,
len 321
Sep/29/2015 19:56:55 , proto UDP, 95.9.114.232:1900->XXX.XXX.XXX.XXX:80,
len 321
Sep/29/2015 19:56:55 , proto UDP, 78.186.8.157:1900->XXX.XXX.XXX.XXX:80,
len 321
Sep/29/2015 19:56:55 , proto UDP, 72.229.228.53:1900->XXX.XXX.XXX.XXX:80,
len 338
Sep/29/2015 19:56:55 , proto UDP, 41.196.86.182:1900->XXX.XXX.XXX.XXX:80,
len 258
Sep/29/2015 19:56:55 , proto UDP, 75.89.110.97:1900->XXX.XXX.XXX.XXX:80,
len 367
Sep/29/2015 19:56:55 , proto UDP, 173.186.125.161:1900->XXX.XXX.XXX.XXX:80,
len 359
Sep/29/2015 19:56:55 , proto UDP, 85.96.207.61:1900->XXX.XXX.XXX.XXX:80,
len 316
Sep/29/2015 19:56:55 , proto UDP, 24.208.37.154:1900->XXX.XXX.XXX.XXX:80,
len 266
Sep/29/2015 19:56:55 , proto UDP, 24.208.37.154:1900->XXX.XXX.XXX.XXX:80,
len 338
Sep/29/2015 19:56:55 , proto UDP, 76.24.200.75:1900->XXX.XXX.XXX.XXX:80,
len 266
Sep/29/2015 19:56:55 , proto UDP, 98.30.40.44:1900->XXX.XXX.XXX.XXX:80, len
330
Sep/29/2015 19:56:55 , proto UDP, 37.242.12.64:1900->XXX.XXX.XXX.XXX:80,
len 329
Sep/29/2015 19:56:55 , proto UDP, 188.118.251.216:1900->XXX.XXX.XXX.XXX:80,
len 355
Sep/29/2015 19:56:55 , proto UDP, 190.214.140.21:1900->XXX.XXX.XXX.XXX:80,
len 312
Sep/29/2015 19:56:55 , proto UDP, 78.189.168.191:1900->XXX.XXX.XXX.XXX:80,
len 300
Sep/29/2015 19:56:55 , proto UDP, 88.250.168.173:1900->XXX.XXX.XXX.XXX:80,
len 337
Sep/29/2015 19:56:55 , proto UDP, 88.250.168.173:1900->XXX.XXX.XXX.XXX:80,
len 331
Sep/29/2015 19:56:55 , proto UDP, 166.102.230.129:1900->XXX.XXX.XXX.XXX:80,
len 295
Sep/29/2015 19:56:55 , proto UDP, 208.106.2.83:1900->XXX.XXX.XXX.XXX:80,
len 355
Sep/29/2015 19:56:55 , proto UDP, 76.24.200.75:1900->XXX.XXX.XXX.XXX:80,
len 338
Sep/29/2015 19:56:55 , proto UDP, 78.189.168.191:1900->XXX.XXX.XXX.XXX:80,
len 351
Sep/29/2015 19:56:55 , proto UDP, 166.102.230.129:1900->XXX.XXX.XXX.XXX:80,
len 306
Sep/29/2015 19:56:55 , proto UDP, 208.106.2.83:1900->XXX.XXX.XXX.XXX:80,
len 302
Sep/29/2015 19:56:55 , proto UDP, 76.24.200.75:1900->XXX.XXX.XXX.XXX:80,
len 334
Sep/29/2015 19:56:55 , proto UDP, 78.189.168.191:1900->XXX.XXX.XXX.XXX:80,
len 347
Sep/29/2015 19:56:55 , proto UDP, 76.24.200.75:1900->XXX.XXX.XXX.XXX:80,
len 314
Sep/29/2015 19:56:55 , proto UDP, 181.211.178.167:1900->XXX.XXX.XXX.XXX:80,
len 316
Sep/29/2015 19:56:55 , proto UDP, 78.189.168.191:1900->XXX.XXX.XXX.XXX:80,
len 331
Sep/29/2015 19:56:55 , proto UDP, 98.242.172.180:1900->XXX.XXX.XXX.XXX:80,
len 266
Sep/29/2015 19:56:55 , proto UDP, 139.55.188.117:1900->XXX.XXX.XXX.XXX:80,
len 301
Sep/29/2015 19:56:55 , proto UDP, 69.40.138.121:1900->XXX.XXX.XXX.XXX:80,
len 371
Sep/29/2015 19:56:55 , proto UDP, 75.89.110.97:1900->XXX.XXX.XXX.XXX:80,
len 304
Sep/29/2015 19:56:55 , proto UDP, 75.89.110.97:1900->XXX.XXX.XXX.XXX:80,
len 337
Sep/29/2015 19:56:55 , proto UDP, 98.22.249.5:1900->XXX.XXX.XXX.XXX:80, len
374
Sep/29/2015 19:56:55 , proto UDP, 78.188.168.188:1900->XXX.XXX.XXX.XXX:80,
len 325
Sep/29/2015 19:56:55 , proto UDP, 14.221.129.218:1900->XXX.XXX.XXX.XXX:80,
len 319
Sep/29/2015 19:56:55 , proto UDP, 95.188.78.112:1900->XXX.XXX.XXX.XXX:80,
len 355
Sep/29/2015 19:56:55 , proto UDP, 78.188.204.57:1900->XXX.XXX.XXX.XXX:80,
len 351
Sep/29/2015 19:56:55 , proto UDP, 78.188.204.57:1900->XXX.XXX.XXX.XXX:80,
len 331
Sep/29/2015 19:56:55 , proto UDP, 173.186.125.161:1900->XXX.XXX.XXX.XXX:80,
len 306


XXX.XXX.XXX.XXX = any IP in the block


Solutions so far:

Blocking of the IP XXX.XXX.XXX.XXX with the carrier;
The carrier has no blackhole and is offering an Anti-DDoS service;
It does not block by port;
Firewall blocking UDP port 1900 for all hosts on the network;
Shutting down the link interface: when it is re-enabled, the attack persists;
Attack duration 15 minutes, at scheduled times;
It consumes all the bandwidth of the circuit.




-- 
<http://www.vescnet.com.br>
Glauber Derlland
81-3497-7250
81-4062-9722
81-988-593-306
11-4063-1673
INOC-DBA.br: 262792*100

WhatsApp: 55 81  8163-7122
Viper: 55 81 8163-7122
Skype: vescnet
Facebook: vescnet
Twitter: @vescnet
ICQ: 670280143

www.vescnet.com.br
https://beta.peeringdb.com/net/4988 <http://as262792.peeringdb.com/>
Maps <http://goo.gl/maps/ugZkZ>
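
Added example, not part of the original message: a Python parser for log records in the layout shown above (including records wrapped across two lines) that groups UDP traffic by destination and by the reflector service implied by the source port; source port 1900 is SSDP. The sample addresses are constructed from documentation ranges, and `summarize`, `REFLECTOR_PORTS` and `min_sources` are names chosen for this example.

```python
import re
from collections import defaultdict

# UDP services often abused as reflectors, keyed by the reply's source port.
REFLECTOR_PORTS = {19: "chargen", 53: "DNS", 123: "NTP", 161: "SNMP", 1900: "SSDP"}

# One log record; the \s around "len" tolerates the mail client's line wrap.
RECORD = re.compile(
    r"(?P<ts>\S+ \S+) , proto (?P<proto>\w+), "
    r"(?P<src>[\d.]+):(?P<sport>\d+)->(?P<dst>[\w.]+):(?P<dport>\d+),"
    r"\s*len\s+(?P<len>\d+)"
)

def summarize(log_text, min_sources=3):
    """Group UDP records by (destination, reflector service) and keep the
    groups fed by at least `min_sources` distinct source addresses."""
    groups = defaultdict(lambda: {"packets": 0, "bytes": 0, "sources": set()})
    for m in RECORD.finditer(log_text):
        service = REFLECTOR_PORTS.get(int(m["sport"]))
        if m["proto"] != "UDP" or service is None:
            continue  # not a reply from a known reflector service
        g = groups[(m["dst"], service)]
        g["packets"] += 1
        g["bytes"] += int(m["len"])
        g["sources"].add(m["src"])
    return {
        key: {"packets": g["packets"], "bytes": g["bytes"],
              "sources": len(g["sources"])}
        for key, g in groups.items() if len(g["sources"]) >= min_sources
    }

# Constructed sample in the post's log layout (documentation-range addresses).
SAMPLE = """\
Sep/29/2015 19:56:55 , proto UDP, 192.0.2.10:1900->203.0.113.5:80,
len 266
Sep/29/2015 19:56:55 , proto UDP, 192.0.2.11:1900->203.0.113.5:80, len
321
Sep/29/2015 19:56:55 , proto UDP, 192.0.2.11:1900->203.0.113.5:80, len 338
Sep/29/2015 19:56:55 , proto UDP, 198.51.100.7:1900->203.0.113.5:80,
len 355
Sep/29/2015 19:56:56 , proto UDP, 198.51.100.9:40000->203.0.113.5:53, len 60
Sep/29/2015 19:56:56 , proto TCP, 198.51.100.9:51000->203.0.113.5:80, len 52
"""

if __name__ == "__main__":
    for (dst, service), stats in summarize(SAMPLE).items():
        print(f"{dst}: {service} reflection pattern, {stats}")
```

Many distinct sources all sending from the same reflector port to one destination is the signature to look for; the per-destination byte totals show which addresses in the block are being targeted.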


