Team Cymru BGP bogon status ???

Scott Fisher littlefishguy at gmail.com
Sun Jan 31 22:09:07 UTC 2016 

Everyone,

Our site totalhash.cymru.com experienced a DDOS hit and caused our main
route to be null routed by our upstream provider. Things are coming online
but the IP that is being attacked will remain down for the time being.
Reply to this thread with any questions.

Thanks,
Scott

On Sunday, January 31, 2016, Matthew Huff <mhuff at ox.com> wrote:

> Traceroute from Verizon Fios
>
>
> macpro:~ mhuff$ traceroute 38.229.66.20
>
> traceroute to 38.229.66.20 (38.229.66.20), 64 hops max, 52 byte packets
>
>  1  firewall (10.1.1.1)  0.444 ms  0.191 ms  0.234 ms
>
>  2  lo0-100.nycmny-vfttp-369.verizon-gni.net<
> http://lo0-100.nycmny-vfttp-369.verizon-gni.net> (96.246.46.1)  58.317
> ms  48.413 ms  67.140 ms
>
>  3  t0-8-0-0.nycmny-lcr-21.verizon-gni.net<
> http://t0-8-0-0.nycmny-lcr-21.verizon-gni.net> (130.81.16.100)  62.175
> ms  63.223 ms
>
>     t0-8-0-0.nycmny-lcr-22.verizon-gni.net<
> http://t0-8-0-0.nycmny-lcr-22.verizon-gni.net> (130.81.16.102)  37.320 ms
>
>  4  * * *
>
>  5  0.ae2.br2.nyc4.alter.net<http://ae2.br2.nyc4.alter.net>
> (140.222.229.93)  18.697 ms
>
>     0.ae3.br2.nyc4.alter.net<http://ae3.br2.nyc4.alter.net>
> (140.222.231.133)  3.791 ms
>
>     0.ae1.br2.nyc4.alter.net<http://ae1.br2.nyc4.alter.net>
> (140.222.229.91)  2.985 ms
>
>  6  204.255.168.110 (204.255.168.110)  12.558 ms  14.904 ms  17.009 ms
>
>  7  be2060.ccr41.jfk02.atlas.cogentco.com<
> http://ccr41.jfk02.atlas.cogentco.com> (154.54.31.9)  17.248 ms  21.324
> ms  16.526 ms
>
>  8  * * *
>
>  9  * * *
>
> 10  * * *
>
> 11  * * *
>
> 12  * * *
>
> 13  * * *
>
> 14  * * *
>
> 15  * * *
>
> 16  * * *
>
> 17  * * *
>
> 18  * * *
>
> 19  * * *
>
>
> Traceroute via Lightpath
>
>
> [root at burr ~]# traceroute -I 38.229.66.20
>
> traceroute to 38.229.66.20 (38.229.66.20), 30 hops max, 60 byte packets
>
>  1  switch-core1.ox.com<http://switch-core1.ox.com> (129.77.108.252)
> 0.376 ms  0.385 ms  0.432 ms
>
>  2  switch-user2.ox.com<http://switch-user2.ox.com> (129.77.154.249)
> 0.424 ms  0.539 ms  0.571 ms
>
>  3  rtr-inet1.ox.com<http://rtr-inet1.ox.com> (129.77.1.253)  0.480 ms
> 0.484 ms  0.488 ms
>
>  4  189d20f9.cst.lightpath.net<http://189d20f9.cst.lightpath.net>
> (24.157.32.249)  4.875 ms  4.952 ms  4.956 ms
>
>  5  18267502.cst.lightpath.net<http://18267502.cst.lightpath.net>
> (24.38.117.2)  4.951 ms  4.962 ms  4.963 ms
>
>  6  hunt183-146.optonline.net<http://hunt183-146.optonline.net>
> (167.206.183.146)  5.843 ms  5.625 ms  5.613 ms
>
>  7  * * *
>
>  8  be3030.ccr21.jfk04.atlas.cogentco.com<
> http://ccr21.jfk04.atlas.cogentco.com> (154.54.11.249)  8.945 ms  9.234
> ms  9.816 ms
>
>  9  be2324.ccr41.jfk02.atlas.cogentco.com<
> http://ccr41.jfk02.atlas.cogentco.com> (154.54.47.17)  6.456 ms  6.534
> ms  6.533 ms
>
> 10  * * *
>
> 11  * * *
>
> 12  * * *
>
> 13  * * *
>
> 14  * * *
>
> 15  * * *
>
> 16  * * *
>
> 17  * * *
>
> 18  * * *
>
> 19  * * *
>
> 20  * * *
>
> 21  * * *
>
> 22  * * *
>
> 23  * * *
>
> 24  * * *
>
> 25  * * *
>
> 26  * * *
>
> 27  * * *
>
> 28  * * *
>
> 29  * * *
>
> 30  * * *
>
> IPv6 vial Lightpath
>
> [root at burr ~]# traceroute -I 2620:0:6b0::26e5:4207
>
> traceroute to 2620:0:6b0::26e5:4207 (2620:0:6b0::26e5:4207), 30 hops max,
> 80 byte packets
>
>  1  switch-core1.ox.com<http://switch-core1.ox.com>
> (2620:0:2810:16c::fffd)  0.429 ms  0.534 ms  0.612 ms
>
>  2  switch-user2.ox.com<http://switch-user2.ox.com>
> (2620:0:2810:e002::253)  0.429 ms  0.532 ms  0.643 ms
>
>  3  rtr-inet1.ox.com<http://rtr-inet1.ox.com> (2620:0:2810:101::fffd)
> 0.510 ms  0.515 ms  0.518 ms
>
>  4  2607:fda8:8::2 (2607:fda8:8::2)  4.882 ms  4.889 ms  4.892 ms
>
>  5  2607:fda8:2::2c (2607:fda8:2::2c)  71.000 ms  71.011 ms  71.014 ms
>
>  6  2607:fda8:2::85 (2607:fda8:2::85)  5.868 ms  5.837 ms  5.823 ms
>
>  7  * * *
>
>  8  * * *
>
>  9  * * *
>
> 10  * * *
>
> 11  * * *
>
> 12  * * *
>
> 13  * * *
>
> 14  * * *
>
> 15  * * *
>
> 16  * * *
>
> 17  * * *
>
> 18  * * *
>
> 19  * * *
>
> 20  * * *
>
> 21  * * *
>
> 22  * * *
>
> 23  * * *
>
> 24  * * *
>
> 25  * * *
>
> 26  * * *
>
> 27  * * *
>
> 28  * * *
>
> 29  * * *
>
> 30  * * *
>
>
> On Jan 31, 2016, at 11:44 AM, Matthew Huff <mhuff at ox.com <javascript:;>
> <mailto:mhuff at ox.com <javascript:;>>> wrote:
>
> Starting around 7:17 am EST, we lost our IPv4 & IPv6  BGP connections to
> Cymru. We have two connections in both IPv4 and IPv6 on both of our two
> routers. On each router one connection is stuck in active, the other
> providing 0 prefixes. I can’t get to http://www.team-cymru.org from
> either work or home. Anyone know what’s up?
>
>

-- 
Scott

More information about the NANOG mailing list