Hey, QWEST clean up your network

John Brown jmbrown at chagresventures.com
Fri Aug 29 03:25:42 UTC 2003



Seems like QWEST doesn't have any edge ACL's in place to deal
with this lovely worm issue.
 
Count           Source Prexix, rounded up to a /16
 
144             208.46.0.0
199             65.114.0.0
347             208.45.0.0
462             65.118.0.0
486             65.119.0.0
702             208.44.0.0
----
2340		TOTAL Packets out of 2500 for 2 seconds
 
This is ICMP and TCP MS bad traffic for a 2500 packet
capture on a DS1 that is directly connected to Qwest.
Ergo, Qwest is the transit provider.  Capture period
was about 2 seconds.  ICK
 
According to Qwest Tech/Noc people they can't leave
filters up for more than 1 day.
 
Given that this worm has lasted more than 1 day, I'd
think its reasonable to leave filters up for say more
than one day ????
 
 
The other thing I learned from QWEST IP-NOC was that
it seems managment decided *NOT TO* filter packets related
to this worm issue at the edge......
 
john brown
AS 10480 and others



More information about the NANOG mailing list