real-time DDoS help?

Charles Sprickman spork at inch.com
Sun Jun 20 23:19:53 UTC 2004


Just following up with a bit more info.

While I have no way of knowing whether these IPs are the true source, and
there's likely more that I didn't capture in the short windows where the
router was up and exporting netflow data, this is what I have.  If anyone
here is in charge of the following blocks, perhaps you might want to have
a look:

208.39.142 (comcast, business cable)
216.235.244 (e-xpedient)
218.244.162 (chinacom)
218.247.37 (china network connect)
61.48.80 (china network communications group)
62.231.65 (romania data systems)

Actually, looking at those sources, I'm betting they're not spoofed. :)

Thanks,

Charles

--
Charles Sprickman
spork at inch.com


On Sat, 19 Jun 2004, Charles Sprickman wrote:

> Howdy,
>
> Is there any place where people with experience dealing with DDoS attacks
> hang out?  I'm getting very little assistance from my upstream beyond
> "call whomever is in charge of each IP attacking and make them stop", and
> "even though we null route the destination IP being attacked, this traffic
> will be billed".


