DDOS Today?

• Previous message (by thread): DDOS Today?
• Next message (by thread): DDOS Today?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I am still trying to confirm what happened, but it looks like we got whacked today.

Around 2:35 EST all our BGP peers dropped pretty much at the same time.  Our mrtg systems have all fallen over too - so I can't confirm a
traffic spike.

Anybody else?

Dan.


Greg Valente wrote:

> I just got on today.
> Was there any large DDOS attacks today.
> Any specific networks impacted?
>
> -----Original Message-----
> From: Jeroen Massar [mailto:jeroen at unfix.org]
> Sent: Friday, October 10, 2003 8:16 PM
> To: 6bone at ISI.EDU; nanog at merit.edu
> Subject: Reserved ASN 64702, 6to4, 2 ghosts, other oddities and still no
> working contacts...
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> Checking http://www.sixxs.net/tools/grh/lg/?show=bogons&find=::/0
>
> People might want to filter on private ASN's also
> when that ASN is being used as "transit"...
>
> 2001:a40::/32 AS64702 is reserved (path: 15516 3257 2497 4697 2914 10109 4538 4787 64702 20646 8763 5539 1930 9186) Ghost Route (14/12)
> 3ffe:3500::/24   3ffe:4005:fefe::     25396 1752 10109 4538 4787 64702 20646 8319
>
> We still have these 6to4 specifics btw:
> 2002:c2b1:d06e::/48      More specific 6to4 prefix (194.177.208.110/32) from AS5408
> 2002:c8a2::/33           More specific 6to4 prefix (200.162.0.0/17) from AS15180
> 2002:c8c6:4000::/34      More specific 6to4 prefix (200.198.64.0/18) from AS15180
> 2002:c8ca:7000::/36      More specific 6to4 prefix (200.202.112.0/20) from AS15180
>
> And nopes, no contact has been made yet, apparently having
> your email address listed in the registry frees you of any
> obligations...
>
> Another funny one:
> 3ffe:3::/32              Subnet of 3ffe::/24 Mismatching origin ASN,
>                          should be 4555 (now: 29216)
> While there also is an announcement for:
> 2001:7fe::/32            I-rootserver-net-20030916
>
> The ghosts of this month:
> 3ffe:1f00::/24
> 3ffe:2400::/24
> Both with "10318 5623" common in their paths, obvious isn't it ?
>
> Oh and yes, still no contact from anybody at nortel, apparently
> that company doesn't know what IPv6 is. AS10318 (check above also)
> is still announcing *their* block and still haven't made any comment
> or reply back whatsoever. AS10318 have their own pTLA but apparently
> are not contactable for that pTLA either. If anybody knows someone
> alive for 3ffe:1300::/24 or AS762 or AS10318 please notify them.
>
> Maybe posting to nanog raises some people from sleep. Mailing
> the whois contacts directly doesn't help apparently.
>
> Greets,
>  Jeroen
>
> -----BEGIN PGP SIGNATURE-----
> Version: Unfix PGP for Outlook Alpha 13 Int.
> Comment: Jeroen Massar / jeroen at unfix.org / http://unfix.org/~jeroen/
>
> iQA/AwUBP4dLximqKFIzPnwjEQKluACglQJ+2QtJZ6O2fJZShwxLe0Z6Fz8AnRym
> p0Clq/HyC9EoC/RsaYudqZey
> =XBo4
> -----END PGP SIGNATURE-----
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20031011/733300ef/attachment.html>

• Previous message (by thread): DDOS Today?
• Next message (by thread): DDOS Today?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]