Honeynet Project
http://www.honeynet.org
Last Modified: XX February, 2005
The following table presents the information we have collected about DDoS-attacks between November 2004 and January 2005. These data were collected with the help of drone, our IRC client, which we smuggle into Botnets with the help of information we have collected through Honeynets. We gave the information we have collected to a Computer Emergency Response Team (CERT) for further analysis.
This information is sanitized so that it does not allow to draw conclusions for specific attacks. This poses a certain protection for the victims of the DDoS-attacks in terms of privacy and data security.
Date | Nickname of attacker | Issued DDoS command |
---|---|---|
Nov 03 22:19:54 | nick#1 | !udp 209.75.160.XXX 20000 200 1 63089 |
Nov 03 22:21:10 | nick#1 | !syn 209.75.160.XXX 63089 120 |
Nov 04 21:38:13 | nick#1 | !syn 62.119.134.XXX 80 120 |
Nov 06 14:28:21 | nick#2 | $syn 69.64.36.XXX 6667 2000 -f -t |
Nov 06 14:32:21 | nick#2 | $syn 69.64.50.XXX 6667 2000 -f -t |
Nov 06 15:24:22 | nick#2 | $syn 207.44.152.XXX 6667 600 -f -t |
Nov 06 15:24:22 | nick#2 | $syn 207.44.152.XXX 6667 600 -f -t |
Nov 06 18:46:24 | nick#3 | $udp 207.44.152.XXX 9999 5400 1 |
Nov 07 21:56:42 | nick#2 | $syn 69.64.36.XXX 6667 800 -f -t -s |
Nov 07 21:56:42 | nick#2 | $syn 69.64.50.XXX 6667 1000 -f -t -s |
Nov 07 22:23:55 | nick#2 | $syn 69.64.36.XXX 6667 200 -f -t -s |
Nov 07 22:23:55 | nick#2 | $syn 69.64.50.XXX 6667 200 -f -t -s |
Nov 07 23:23:36 | nick#2 | $syn 212.227.51.XXX 6667 500 -f -t -s |
Nov 07 23:23:36 | nick#2 | $syn 62.193.226.XXX 6667 500 -f -t -s |
Nov 07 23:23:36 | nick#2 | $syn 66.132.253.XXX 6667 500 -f -t -s |
Nov 07 23:47:43 | nick#2 | $syn 217.160.243.XXX 6667 500 -f -t -s |
Nov 07 23:47:45 | nick#2 | $syn 64.158.219.XXX 6667 500 -f -t -s |
Nov 07 23:50:38 | nick#2 | $syn 206.53.59.XXX 6667 500 -f -t -s |
Nov 08 00:18:09 | nick#2 | $syn 206.53.59.XXX 6667 400 -f -t -s |
Nov 08 00:18:09 | nick#2 | $syn 216.117.158.XXX 6667 400 -f -t -s |
Nov 08 00:18:09 | nick#2 | $syn 217.160.243.XXX 6667 400 -f -t -s |
Nov 08 00:18:09 | nick#2 | $syn 66.90.95.XXX 6667 400 -f -t -s |
Nov 08 00:18:09 | nick#2 | $syn 67.15.70.XXX 6667 400 -f -t -s |
Nov 08 00:19:40 | nick#2 | $syn 64.158.219.XXX 6667 400 -f -t -s |
Nov 08 02:44:55 | nick#4 | $syn 217.160.243.XXX 22 500 -f -t -s |
Nov 08 02:54:01 | nick#4 | $syn 217.160.243.XXX 389 500 -f -t -s |
Nov 09 18:53:50 | nick#2 | $syn 69.10.138.XXX 80 600 -f -t -s |
Nov 10 01:04:08 | nick#3 | $udp 69.26.165.XXX 9999 5400 1 |
Nov 10 20:12:39 | nick#2 | $syn 69.64.36.XXX 6667 500 -f -t -s |
Nov 10 20:12:39 | nick#2 | $syn 69.64.50.XXX 6667 500 -f -t -s |
Nov 11 23:18:11 | nick#2 | $syn 69.64.36.XXX 6667 500 -f -t -s |
Nov 11 23:18:11 | nick#2 | $syn 69.64.50.XXX 6667 500 -f -t -s |
Nov 14 23:41:21 | nick#3 | $udp 82.47.2.XXX 9999 5600 1 -s |
Nov 16 05:31:29 | nick#6 | %udp 129.125.104.XXX 100000 150 0 -s |
Nov 16 05:31:40 | nick#6 | %syn 129.125.104.XXX 443 10000 -s |
Nov 17 18:26:09 | nick#2 | $syn 209.223.101.XXX 6667 500 -f -t -s |
Nov 18 00:45:38 | nick#2 | $syn 207.150.163.XXX 6667 500 -f -t -s |
Nov 18 00:45:38 | nick#2 | $syn 213.186.46.XXX 6667 500 -f -t -s |
Nov 18 00:45:38 | nick#2 | $syn 62.193.225.XXX 6667 500 -f -t- s |
Nov 18 00:45:38 | nick#2 | $syn 62.193.225.XXX 6667 500 -f -t -s |
Nov 18 00:45:38 | nick#2 | $syn 62.193.226.XXX 6667 500 -f -t -s |
Nov 18 00:58:48 | nick#7 | %syn 69.20.63.XXX 443 10000 -s |
Nov 18 00:59:00 | nick#7 | %syn 69.20.63.XXX 113 10000 -s |
Nov 18 01:00:54 | nick#7 | %icmp 69.20.63.XXX 10000 -s |
Nov 18 01:03:13 | nick#7 | %icmp 216.66.21.XXX 10000 -s |
Nov 18 01:03:21 | nick#7 | %syn 216.66.21.XXX 443 10000 -s |
Nov 18 01:03:25 | nick#7 | %syn 216.66.21.XXX 113 10000 -s |
Nov 21 21:52:19 | nick#3 | $udp 69.93.201.XXX |
Nov 21 21:52:29 | nick#3 | $udp 69.93.201.XXX 9999 5400 1 |
Nov 21 22:52:20 | nick#2 | $syn 66.235.201.XXX 139 200 -f -t -s |
Nov 21 23:15:00 | nick#3 | $syn 69.93.201.XXX 80 2000 -s |
Nov 21 23:17:55 | nick#3 | $udp 69.93.201.XXX 9999 5400 1 |
Nov 22 06:13:46 | nick#2 | $syn irc.3fchat.net 6667 500 -f -t -s |
Nov 23 07:33:24 | nick#2 | $syn irc.unixiirc.net 6667 1000 |
Nov 23 07:38:03 | nick#2 | $syn 217.160.240.XXX 6667 100 |
Nov 23 07:38:03 | nick#2 | $syn 62.193.225.XXX 6667 1000 |
Nov 23 07:38:03 | nick#2 | $syn 62.193.226.XXX 6667 1000 |
Nov 23 08:27:50 | nick#2 | $syn irc.unixiirc.net 6667 10000 |
Nov 23 09:34:19 | nick#4 | $syn 69.64.35.XXX 80809 500 |
Nov 23 13:37:13 | nick#4 | $syn 69.64.35.XXX 80809 500 -f -t -s |
Nov 23 13:38:24 | nick#4 | $syn 69.64.35.XXX 80809 500 -f -t |
Nov 23 13:51:03 | nick#4 | $syn 69.64.35.XXX 15273 500 -f -t |
Nov 23 13:58:36 | nick#4 | $syn 69.64.35.XXX 389 500 -f -t |
Nov 26 05:56:11 | nick#3 | $udp 193.12.148.XXX 9999 5400 1 |
Nov 26 06:17:18 | nick#3 | $udp 193.12.148.XXX 9999 5400 1 |
Nov 26 07:19:39 | nick#3 | $udp 62.163.97.XXX 99999 5400 1 |
Nov 26 07:50:39 | nick#3 | $udp 62.163.97.XXX 999999 5400 1 |
Nov 26 13:01:15 | nick#2 | $syn 217.160.240.XXX 6667 500 -f -t |
Nov 27 17:22:11 | nick#2 | $syn 67.15.70.XXX 6667 500 -f -t |
Nov 27 17:22:11 | nick#2 | $syn 69.72.192.XXX 6667 500 -f -t |
Nov 27 17:22:11 | nick#2 | $syn 82.165.249.XXX 6667 500 -f -t |
Dez 05 09:47:30 | nick#5 | .udp 67.19.98.XXX 27015 1000 100 -s |
Dez 07 00:51:55 | nick#8 | .ddos.ack www.epassporte.com 1000 1 -n |
Dez 07 00:52:17 | nick#8 | .ddos.ack www.epassporte.com 1000 1 1 -n |
Dez 07 00:52:20 | nick#8 | .ddos.ack www.epassporte.com 1000 1 1 1-n |
Dez 07 00:52:21 | nick#8 | .ddos.ack www.epassporte.com 1000 1 1 1 -n |
Dez 07 07:42:58 | nick#9 | .syn breestu.ru 80 600 |
Dez 15 21:38:45 | nick#10 | .udp 66.90.114.XXX 100000 450000 1 6667 |
Dez 16 02:04:46 | nick#11 | .udp 4.42.58.XXX 139 65000 1000 -s |
Dez 16 03:12:15 | #nick12 | .udp 4.42.58.XXX 139 65000 1000 -s |
Dez 16 04:16:56 | #nick12 | .udp 67.18.1.XXX 27015 65000 1000 -s |
Dez 19 04:35:24 | nick#5 | .udp 67.18.1.XXX 27015 65000 1000 -s |
Dez 19 10:24:32 | nick#10 | .udp login.uagam3rs.net 1000 46000 1 2593 -s |
Dez 22 19:35:57 | nick#13 | .ddos.udp 201.254.41.XXX 500000 64 1 9283 |
Dez 28 15:37:42 | nick#14 | .ddos.targa3 80.116.155.XXX 5000 |
Dez 28 15:44:31 | nick#14 | .ddos.targa3 80.116.155.XXX 5000 |
Dez 28 15:50:05 | nick#14 | .ddos.targa3 80.181.37.XXX 5000 |
Dez 28 15:55:23 | nick#14 | .ddos.random 80.181.37.XXX 21 200 |
Dez 28 20:37:33 | nick#14 | .ddos.random 66.225.200.XXX 22 150 |
Dez 28 20:38:38 | nick#14 | .ddos.syn 66.225.200.XXX 22 150 |
Dez 28 20:43:20 | nick#14 | .ddos.syn 69.31.78.XXX 4700 150 |
Dez 28 20:48:00 | nick#14 | .ddos.syn 69.31.78.XXX 4700 1000 |
Dez 29 14:44:07 | nick#14 | .ddos.syn 140.109.175.XXX 6667 300 |
Dez 29 16:00:33 | nick#15 | .udp 212.64.6.XXX 12000 12000 1 -s |
Dez 29 16:02:04 | nick#15 | .udp 82.168.68.XXX 12000 12000 1 -s |
Dez 29 16:15:17 | nick#15 | .udp 68.48.246.XXX 12000 12000 1 |
Dez 29 16:33:52 | nick#15 | .udp 211.26.63.XXX 20000 20000 1 -s |
Dez 29 16:34:04 | nick#15 | .udp 203.214.64.XXX 20000 20000 1 -s |
Dez 29 16:45:00 | nick#14 | .ddos.syn 69.31.78.XXX 6667 300 |
Dez 29 16:56:55 | nick#14 | .ddos.syn 69.31.78.XXX 6667 500 |
Jan 08 17:03:43 | nick#15 | .syn 200.32.5.XXX 80 200 -s |
Jan 09 15:01:24 | nick#16 | .syn 63.110.126.XXX 6667 100000 -s |
Jan 09 15:03:19 | nick#16 | .syn 206.41.117.XXX 6667 100000 -s |
Jan 09 15:45:59 | nick#14 | .ddos.random 82.49.51.XXX 21 200 |
Jan 09 16:13:17 | nick#14 | .ddos.random 81.208.38.XXX 6667 500 |
Jan 09 16:30:29 | nick#15 | .syn 200.80.26.XXX 80 100 -s |
Jan 09 16:33:21 | nick#15 | .syn 168.226.113.XXX 80 100 -s |
Jan 09 16:33:59 | nick#15 | .udpflood 72.20.17.XXX 999999 100000 2 |
Jan 09 17:31:22 | nick#14 | .ddos.random 63.208.1.XXX 6667 500 |
Jan 11 03:48:22 | nick#16 | udp 70.85.44.XXX 27015 65000 1000 -s |
Jan 11 19:55:58 | nick#14 | ddos.syn 82.48.245.XXX 21 130 |
Jan 15 13:59:01 | nick#17 | syn 200.80.26.XXX 80 100 |
Jan 15 14:00:08 | nick#17 | syn 200.80.26.XXX 6667 100 |
Jan 15 14:22:50 | nick#17 | syn 168.226.112.XXX 80 100 -s+ |
Jan 15 18:29:01 | nick#17 | syn 210.0.202.XXX 6667 200 -s |
Jan 15 18:29:07 | nick#17 | syn 210.0.202.XXX 6667 200 -s |
Jan 15 18:35:01 | nick#17 | syn 210.0.202.XXX 6667 100 -s |
Jan 15 18:39:22 | nick#17 | syn 210.0.202.XXX 6667 100 -s |
Jan 15 18:41:08 | nick#17 | syn 210.0.202.XXX 6667 100 -s |
Jan 15 18:44:53 | nick#17 | syn 210.0.202.XXX 80 100 -s |
Jan 15 18:44:55 | nick#17 | syn 210.0.202.XXX 25 100 -s |
Jan 15 18:44:59 | nick#17 | syn 210.0.202.XXX 110 100 -s |
Jan 15 18:47:54 | nick#17 | syn 210.0.202.XXX 110 100 -s |
Jan 15 19:33:37 | nick#17 | syn 69.93.44.XXX 80 200 -s |
Jan 16 19:35:37 | nick#17 | syn 219.11.8.XXX 80 100 -s |
Jan 16 19:35:40 | nick#17 | syn 219.11.8.XXX 22 100 -s |
Jan 16 19:35:44 | nick#17 | syn 219.11.8.XXX 25 100 -s |
Jan 16 19:40:05 | nick#17 | syn 219.11.8.XXX 22 100 -s |
Jan 16 19:40:05 | nick#17 | syn 219.11.8.XXX 25 100 -s |
Jan 17 00:26:34 | nick#17 | syn 200.114.146.XXX 22 100 -s |
Jan 17 00:26:38 | nick#17 | syn 200.114.146.XXX 25 100 -s |
Jan 17 00:26:42 | nick#17 | syn 200.114.146.XXX 139 100 -s |
Jan 17 00:46:10 | nick#17 | syn 24.98.126.XXX 6667 200 -s |
Jan 17 00:50:53 | nick#17 | syn 24.98.126.XXX 6667 200 -s |
Jan 17 06:42:15 | nick#8 | udp 67.15.136.XXX 10000 1 2593 -n |
Jan 17 06:42:16 | nick#8 | udp 67.15.136.XXX 10000 1 2593 -n |
Jan 17 06:42:17 | nick#8 | udp 67.15.136.XXX 10000 1 2593 -n |
Jan 17 10:45:25 | nick#18 | udp 67.15.136.XXX 1000 45000 1 2593 -n |
Jan 17 10:45:51 | nick#18 | udp 67.15.136.XXX 1000 45000 1 2593 -n |
Jan 17 10:47:13 | nick#18 | udp 67.15.136.XXX 1000 45000 1 2593 -s |
Jan 17 10:47:19 | nick#18 | udp 67.15.136.XXX 10000 45000 1 2593 -s |
Jan 17 11:08:26 | nick#18 | udp 67.15.136.XXX 10000 45000 1 2593 -s |
Jan 17 11:09:11 | nick#18 | udp 67.15.136.XXX 10000 45000 1 2593 -s |
Jan 17 11:17:18 | nick#18 | udp 67.15.136.XXX 10000 45000 1 2593 -s |
Jan 19 01:40:28 | nick#19 | syn 168.243.222.XXX 22 100 -s |
Jan 19 01:40:45 | nick#19 | syn 168.243.222.XXX 80 100 -s |
Jan 19 02:08:38 | nick#19 | syn 168.243.222.XXX 80 100 -s |
Jan 19 02:08:41 | nick#19 | syn 168.243.222.XXX 22 100 -s |
Jan 19 02:47:41 | nick#19 | syn 168.243.222.XXX 22 100 -s |
Jan 19 02:47:44 | nick#19 | syn 168.243.222.XXX 80 100 -s |
Jan 19 03:02:30 | nick#19 | syn 200.55.93.XXX 20 100 -s |
Jan 19 03:02:35 | nick#19 | syn 200.55.93.XXX 80 100 -s |
Jan 20 10:57:17 | nick#20 | u 67.15.6.XXX 40000 10000 1 -n |
Jan 20 10:57:42 | nick#20 | u 67.15.6.XXX 1000 45600 1 -n |
Jan 20 10:58:09 | nick#20 | u 67.15.6.XXX 1000 45600 1 -s |
Jan 20 10:58:13 | nick#20 | u 67.15.6.XXX 1000 45679 1 -s |
Jan 20 11:01:43 | nick#21 | u 67.15.6.XXX 1000 45679 1 -s |
Jan 20 11:06:39 | nick#21 | u 67.15.136.XXX 1000 45679 1 -s |
Jan 20 11:07:39 | nick#21 | u 67.15.136.XXX 1000 45679 1 -s |
Jan 20 11:08:55 | nick#21 | u 67.15.136.XXX 1000 45679 1 -s |
Jan 20 11:10:35 | nick#21 | u 67.15.136.XXX 1000 45679 1 -s |
Jan 20 18:31:52 | nick#14 | ddos.syn 68.198.88.XXX 21 300 |
Jan 21 16:45:14 | nick#14 | ddos.syn 195.110.126.XXX 80 200 |
Jan 22 18:38:45 | nick#21 | syn 201.252.105.XXX 80 100 -s |
Jan 22 18:38:49 | nick#21 | syn 201.252.105.XXX 22 100 -s |
Jan 22 18:48:14 | nick#21 | .syn 201.252.105.XXX 22 100 -s |
Jan 22 18:48:20 | nick#21 | syn 201.252.105.XXX 22 100 -s |
Jan 23 11:25:45 | nick#22 | u 4.11.150.XXX 45000 45678 1 -s |
Jan 23 11:26:11 | nick#22 | u 4.11.150.XXX 45000 45678 1 -s |
Jan 23 11:26:19 | nick#22 | u 4.11.150.XXX 45000 45678 1 -s |
Jan 23 15:56:40 | nick#1 | udp 81.72.108.XXX 20000 200 1 |
Jan 23 19:27:52 | nick#14 | ddos.syn 151.49.8.XXX 21 200 |
Jan 23 19:56:58 | nick#14 | ddos.syn 213.202.217.XXX 6667 200 |
Jan 24 04:41:21 | nick#23 | syn 200.61.58.XXX 80 100 -s |
Jan 24 04:42:10 | nick#23 | syn 200.61.58.XXX 22 100 -s |
Jan 24 04:43:24 | nick#23 | syn 213.186.55.XXX 80 100 -s |
Jan 24 04:45:09 | nick#23 | syn 200.61.58.XXX 80 100 -s |
Jan 24 04:45:11 | nick#23 | syn 200.61.58.XXX 80 100 -s |
Jan 24 04:45:14 | nick#23 | syn 200.61.58.XXX 22 100 -s |
Jan 24 04:47:09 | nick#23 | syn 200.61.58.XXX 22 100 -s |
Jan 24 04:47:09 | nick#23 | syn 200.61.58.XXX 80 100 -s |
Jan 24 04:47:10 | nick#23 | syn 200.61.58.XXX 80 100 -s |
Jan 24 04:47:10 | nick#23 | syn 200.61.58.XXX 80 100 -s |
Jan 24 04:47:10 | nick#23 | syn 200.61.58.XXX 80 100 -s |
Jan 24 04:47:30 | nick#23 | syn 200.61.58.XXX 25 100 -s |
Jan 24 04:47:33 | nick#23 | syn 200.61.58.XXX 110 100 -s |
Jan 24 04:47:59 | nick#23 | udpflood 200.61.58.XXX 90000 200000 2 |
Jan 24 04:51:56 | nick#24 | udpflood 65.110.37.XXX 999999 99999999 2 |
Jan 24 04:53:40 | nick#24 | syn 65.110.37.XXX 80 100 |
Jan 24 04:56:48 | nick#24 | syn 65.110.37.XXX 6667 200 -s |
Jan 24 04:58:19 | nick#24 | syn 65.110.37.XXX 6669 200 -s |
Jan 24 05:01:37 | nick#24 | syn 65.110.37.XXX 6669 200 -s |
Jan 24 05:02:37 | nick#24 | syn 65.110.37.XXX 6669 200 -s |
Jan 24 05:03:06 | nick#24 | syn 65.110.37.XXX 80 200 -s |
Jan 24 05:11:43 | nick#24 | syn 65.110.37.XXX 6667 200 -s |
Jan 24 05:12:17 | nick#24 | syn 65.110.37.XXX 6667 200 -s |
Jan 24 05:13:39 | nick#24 | syn 65.110.37.XXX 6667 200 -s |
Jan 24 05:13:40 | nick#24 | syn 65.110.37.XXX 6667 200 -s |
Jan 24 05:13:40 | nick#24 | syn 65.110.37.XXX 6667 200 -s |
Jan 24 05:13:40 | nick#24 | syn 65.110.37.XXX 6667 200 -s |
Jan 25 19:27:50 | nick#25 | ddos.syn 80.183.59.XXX 21 130 |
Jan 25 19:29:10 | nick#25 | ddos.syn 80.221.214.XXX 21 130 |
Jan 26 19:48:03 | nick#25 | ddos.syn 208.53.149.XXX 6667 200 |
Jan 26 19:55:31 | nick#25 | ddos.syn 208.53.149.XXX 6667 200 |
Jan 26 19:55:42 | nick#25 | ddos.syn 208.53.149.XXX 6667 200 |
Jan 27 05:29:48 | nick#23 | syn 200.122.65.XXX 80 100 -s |
Jan 27 06:25:54 | nick#23 | syn 84.235.21.XXX 80 100 -s |
Jan 28 15:58:32 | nick#25 | ddos.syn 82.50.71.XXX 21 100 |
Jan 28 20:10:03 | nick#25 | ddos.syn 82.56.168.XXX 21 100 -s |
Jan 29 02:37:30 | nick#23 | syn 65.110.37.XXX 80 200 -s |
Jan 29 02:40:20 | nick#24 | syn 65.110.37.XXX 31337 100 -s |
Jan 29 02:41:59 | nick#24 | syn 65.110.37.XXX 80100 |
Jan 29 02:42:01 | nick#24 | syn 65.110.37.XXX 80 100 |
Jan 29 06:14:31 | nick#23 | syn 200.122.20.XXX 22 100 -s |
Jan 29 06:19:26 | nick#23 | syn 200.122.20.XXX 80 100 -s |
Jan 29 07:33:27 | nick#23 | syn 201.252.85.XXX 80 100 -s |
Jan 29 07:36:04 | nick#26 | syn 201.252.85.XXX 80 100 -s |
Jan 29 07:41:22 | nick#27 | syn 201.252.85.XXX 80 100 -s |
Jan 29 07:48:25 | nick#27 | syn 201.252.85.XXX 80 100 -s |
Jan 29 07:49:00 | nick#27 | syn 201.252.85.XXX 80 100 -s |
Jan 29 23:01:54 | nick#23 | syn 216.244.192.XXX 80 200 -s |
Jan 30 03:31:16 | nick#28 | syn 68.63.216.XXX 21 35 |
Jan 30 20:39:44 | nick#25 | ddos.syn 61.92.185.XXX 21 50 |
Jan 30 21:41:27 | nick#28 | syn 24.183.196.XXX 21 390 |
Jan 31 04:28:58 | nick#28 | syn 68.63.216.XXX 21 500 |
Jan 31 08:29:06 | nick#28 | syn 24.141.2.XXX 21 100 |