[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

DOS attack assistance?

Subject: DOS attack assistance?
From: petelists at templin.org (Pete Templin)
Date: Wed, 26 Nov 2008 05:37:59 -0500

One of my customers, a host at 64.8.105.15, is feeling a "bonus" 
~130kpps from 88.191.63.28.  I've null-routed the source, though our 
Engine2 GE cards don't seem to be doing a proper job of that, 
unfortunately.  The attack is a solid 300% more pps than our aggregate 
traffic levels.

It's coming in via 6461, but they don't appear to have any ability to 
backtrack it.  Their only offer is to blackhole the destination until 
the attack subsides.  BGP tells me the source is in AS 12322, a RIPE AS 
that has little if any information publicly visible.

Any pointers on what to do next?

Thanks,

Pete

Follow-Ups:
- DOS attack assistance?
  - From: swmike at swm.pp.se (Mikael Abrahamsson)
- DOS attack assistance?
  - From: j at jcoley.net (Jay Coley)
- DOS attack assistance?
  - From: rol at witbe.net (Paul Rolland (ポール・ロラン))
- DOS attack assistance?
  - From: DHyde at HostMySite.com (Darrell Hyde)
- DOS attack assistance?
  - From: maxlarson.henry at mtptc.gouv.ht (Max Larson Henry)

Prev by Date: ip access-list e no-nanog-bs (Was Re: Public Assertions)
Next by Date: DOS attack assistance?
Previous by thread: ip access-list e no-nanog-bs (Was Re: Public Assertions)
Next by thread: DOS attack assistance?
Index(es):
- Date
- Thread