Getting PING bombed...

• Previous message (by thread): Getting PING bombed...
• Next message (by thread): Getting PING bombed...
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

access-list 123 deny icmp host 130.89.29.52 any echo
access-list 123 permit ip any any
interface HSSIx/x
 ip access-group 123 in

..have your upstream do the same, out.

Doug Davis wrote:
> 
> Hello all.
> 
> We are getting ping bombed by the site `donantonio.wb.utwente.nl`
> the attack is coming thru our uunet connection and is consuming
> about 20% of our DS3.  It is directed at one of our 28.8 dialup
> ports.
> 
> Email to the listed site contact fails with "Resource unavailable"
> 
> Does anyone have a contact address for these folks? Even though we've
> blocked them at the router, my customers would really like them to stop
> now so we can have the rest of the DS3.
> 
> 23:30:52.396533 130.89.29.52 > 206.66.5.134: (frag 35152:576 at 1480)
> 23:30:52.398484 130.89.29.52 > 206.66.5.134: icmp: echo request (frag 35153:1480 at 0+)
> 23:30:52.399460 130.89.29.52 > 206.66.5.134: (frag 35153:576 at 1480)
> 23:30:52.402386 130.89.29.52 > 206.66.5.134: icmp: echo request (frag 35154:1480 at 0+)
> 23:30:52.404337 130.89.29.52 > 206.66.5.134: icmp: echo request (frag 35155:1480 at 0+)
> 23:30:52.404337 130.89.29.52 > 206.66.5.134: (frag 35155:576 at 1480)
> 23:30:52.408240 130.89.29.52 > 206.66.5.134: icmp: echo request (frag 35156:1480 at 0+)
> 23:30:52.408240 130.89.29.52 > 206.66.5.134: (frag 35156:576 at 1480)
> 23:30:52.411166 130.89.29.52 > 206.66.5.134: icmp: echo request (frag 35157:1480 at 0+)
> 23:30:52.411166 130.89.29.52 > 206.66.5.134: (frag 35157:576 at 1480)
> 23:30:52.413118 130.89.29.52 > 206.66.5.134: icmp: echo request (frag 35158:1480 at 0+)
> 23:30:52.413118 130.89.29.52 > 206.66.5.134: (frag 35158:576 at 1480)
> 23:30:52.415069 130.89.29.52 > 206.66.5.134: icmp: echo request (frag 35159:1480 at 0+)
> 23:30:52.416044 130.89.29.52 > 206.66.5.134: (frag 35159:576 at 1480)
> 23:30:52.418971 130.89.29.52 > 206.66.5.134: icmp: echo request (frag 35160:1480 at 0+)
> 23:30:52.419946 130.89.29.52 > 206.66.5.134: (frag 35160:576 at 1480)
> 23:30:52.420922 130.89.29.52 > 206.66.5.134: icmp: echo request (frag 35161:1480 at 0+)
> 23:30:52.420922 130.89.29.52 > 206.66.5.134: (frag 35161:576 at 1480)
> 23:30:52.425800 130.89.29.52 > 206.66.5.134: icmp: echo request (frag 35163:1480 at 0+)
> 23:30:52.425800 130.89.29.52 > 206.66.5.134: (frag 35163:576 at 1480)
> 23:30:52.428727 130.89.29.52 > 206.66.5.134: icmp: echo request (frag 35165:1480 at 0+)
> 23:30:52.428727 130.89.29.52 > 206.66.5.134: (frag 35165:576 at 1480)
> 23:30:52.431653 130.89.29.52 > 206.66.5.134: icmp: echo request (frag 35167:1480 at 0+)
> 23:30:52.431653 130.89.29.52 > 206.66.5.134: (frag 35167:576 at 1480)
> 23:30:52.434580 130.89.29.52 > 206.66.5.134: icmp: echo request (frag 35168:1480 at 0+)
> 23:30:52.434580 130.89.29.52 > 206.66.5.134: (frag 35168:576 at 1480)
> 23:30:52.436531 130.89.29.52 > 206.66.5.134: icmp: echo request (frag 35169:1480 at 0+)
> 23:30:52.436531 130.89.29.52 > 206.66.5.134: (frag 35169:576 at 1480)
> 23:30:52.439458 130.89.29.52 > 206.66.5.134: icmp: echo request (frag 35170:1480 at 0+)
> 23:30:52.439458 130.89.29.52 > 206.66.5.134: (frag 35170:576 at 1480)
> 23:30:52.445311 130.89.29.52 > 206.66.5.134: icmp: echo request (frag 35173:1480 at 0+)
> 23:30:52.446287 130.89.29.52 > 206.66.5.134: (frag 35173:576 at 1480)
> 23:30:52.449213 130.89.29.52 > 206.66.5.134: icmp: echo request (frag 35174:1480 at 0+)
> 23:30:52.449213 130.89.29.52 > 206.66.5.134: (frag 35174:576 at 1480)
> 23:30:52.451164 130.89.29.52 > 206.66.5.134: icmp: echo request (frag 35175:1480 at 0+)
> 23:30:52.451164 130.89.29.52 > 206.66.5.134: (frag 35175:576 at 1480)
> 23:30:52.453116 130.89.29.52 > 206.66.5.134: icmp: echo request (frag 35177:1480 at 0+)
> 23:30:52.453116 130.89.29.52 > 206.66.5.134: (frag 35177:576 at 1480)
> 23:30:52.456042 130.89.29.52 > 206.66.5.134: icmp: echo request (frag 35178:1480 at 0+)
> 23:30:52.457993 130.89.29.52 > 206.66.5.134: icmp: echo request (frag 35179:1480 at 0+)
> [...]
> 
> 


-- 
jamie g.k. rishaw  dal/efnet:gavroche  __    IAGnet/CICNet/netILLINOIS Netops
DID:216.902.5455 FAX:216.623.3566      \/            800.637.4IAGx5455
"No. I'm *not* going to walk a nun through a router config." -dan at nic.net
               Forget regret, or life is yours to miss -- RENT

• Previous message (by thread): Getting PING bombed...
• Next message (by thread): Getting PING bombed...
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]