I started to track my security logs a lot more since I began to notice the number of alerts I was getting via email on holidays. There is definitely a connection: American networks are under attack during American holidays, specifically from 00:00 to 14:00. This time the attacks weren’t just coming from Chinese networks but from Mexico & France.
Here is a list of the latest culprits…
inetnum: 61.174.51.192 - 61.174.51.255
netname: HANGZHOU-SRT-TECHNOLOGY-CO-LTD
country: CN
descr: HANGZHOU SRT TECHNOLOGY CO., LTD

inetnum: 115.239.248.0 - 115.239.248.255
netname: MOVEINTERNET-NETWORK
country: CN
descr: MoveInternet Network Technology Co.,Ltd.
descr:
admin-c: CJ1872-AP
tech-c: CS64-AP
mnt-irt: IRT-CHINANET-ZJ

inetnum: 183.0.0.0 - 183.63.255.255
netname: CHINANET-GD
descr: CHINANET Guangdong province network
descr: Data Communication Division
descr: China Telecom
country: CN
admin-c: IC83-AP
tech-c: IC83-AP

inetnum: 111.72.0.0 - 111.79.255.255
netname: CHINANET-JX
descr: CHINANET JIANGXI PROVINCE NETWORK
descr: China Telecom
descr: No.31,jingrong street
descr: Beijing 100032
country: CN

inetnum: 117.21.0.0 - 117.21.255.255
netname: CHINANET-JX
descr: CHINANET Jiangxi province network
descr: China Telecom
descr: No.31,jingrong street
descr: Beijing 100032
country: CN

inetnum: 202.109.128.0 - 202.109.191.255
netname: CHINANET-JX
descr: CHINANET Jiangxi province network
descr: Data Communication Division
descr: China Telecom
country: CN

inetnum: 89.248.162.128 - 89.248.162.255
netname: NL-ECATEL
descr: AS29073, Ecatel LTD
country: NL

inetnum: 212.83.128.0 - 212.83.153.255
netname: FRWOL
descr: Tiscali France
country: FR

NetRange: 168.243.0.0 - 168.243.255.255
CIDR: 168.243.0.0/16
OriginAS:
NetName: LACNIC-ERX-168-243-0-0
NetHandle: NET-168-243-0-0-1
It’s probably nothing to worry about…