
discuss - Re: [opennic-discuss] DoS amp attack / Top20

discuss AT lists.opennicproject.org

Subject: Discuss mailing list

  • From: Jeff Taylor <shdwdrgn AT sourpuss.net>
  • To: discuss AT lists.opennicproject.org
  • Subject: Re: [opennic-discuss] DoS amp attack / Top20
  • Date: Mon, 29 Apr 2013 07:47:50 -0600

The problem with trying to make a list is that a DNS amplification
attack uses UDP, and requires no return information to make the attack
work... So you really have no idea if these IP addresses were spoofed,
and/or if they were in fact the intended victim of the attack.


On 04/29/2013 04:33 AM, Uwe (ML) Kiewel wrote:
> According to my IPS here are the top 20 - counting from 04/22/2013 until
> 04/28/2013
>



