DDoS attacks

Ariel Biener ariel at fireball.tau.ac.il
Wed Jul 11 16:21:36 UTC 2001

  Hi people,

   For the last few days, I have experienced a series of DDoS attacks on
various targets around the globe. The general target is the EFNet irc
network, and servers have been attacked all through Europe, USA, Canada,
Israel, and such.

   Due to the various attacks, more than half of the servers on the
network were black holed (null routed). The others which hold 1/3 of the
client count, are attacked, or going to be attacked soon.

   If this keeps on going, this irc network will cease to exist. These
attacks are all coordinated, and some people are trying to locate the
source. Alot of traffic is coming via AboveNet from Korea. Alot of
"zombies" are used to attack targets, PCs infected with trojans, that can
be remote controlled.

   In this time of need, it would be a great help if the large carriers
would be helpful in tracing the traffic. I am, trying to gather more data,
and since alot of ISPs were attacked (C&W, Concentric, Global crossing,
exodus, different academic institues in the US, Internet Gold in Israel
via UUnet, the swedish telia backbone and academic institues in sweden,
russian rosstelekom, gigabell.de in germany and the list goes on), I
think this is a time when these people have to be stopped.

   At this time, it would be very helpful if AboveNet people could contact
me in private.



Ariel Biener
e-mail: ariel at post.tau.ac.il
PGP(6.5.8) public key http://www.tau.ac.il/~ariel/pgp.html

More information about the NANOG mailing list