DDoS attacks

Richard A. Steenbergen ras at e-gerbil.net
Wed Jul 11 23:40:45 UTC 2001

>    For the last few days, I have experienced a series of DDoS attacks
> on various targets around the globe. The general target is the EFNet
> irc network, and servers have been attacked all through Europe, USA,
> Canada, Israel, and such.

Wow, EFNet is being attacked? That's never happened before. Someone should
alert the media.

>    Due to the various attacks, more than half of the servers on the
> network were black holed (null routed). The others which hold 1/3 of
> the client count, are attacked, or going to be attacked soon.

Perhaps because there are only 5 servers which actually accept clients?

>    If this keeps on going, this irc network will cease to exist.

Oh the humanity.

>    In this time of need, it would be a great help if the large
> carriers would be helpful in tracing the traffic.

Hrm you may have an idea there. Since so many attacks are related to
EFNet, and there are so many possible reasons for it to be impacting the
rest of the internet, I propose we introduce a new ICMP type, ICMP EFNet.
This message type could be used to convey all kinds of important
information about why things are broken, for example:

ICMP EFNet code 1 - Smurfing
ICMP EFNet code 2 - SYN Flooding
ICMP EFNet code 3 - Channel takeover
ICMP EFNet code 4 - Warring botnets
ICMP EFNet code 5 - Dianora

and many other useful messages.

Richard A Steenbergen <ras at e-gerbil.net>       http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177  (67 29 D7 BC E8 18 3E DA  B2 46 B3 D8 14 36 FE B6)

More information about the NANOG mailing list