DOS attack assistance?

Jay Coley j at
Wed Nov 26 10:50:39 UTC 2008

Hash: SHA1

Pete Templin wrote:
> One of my customers, a host at, is feeling a "bonus"
> ~130kpps from  I've null-routed the source, though our
> Engine2 GE cards don't seem to be doing a proper job of that,
> unfortunately.  The attack is a solid 300% more pps than our aggregate
> traffic levels.
> It's coming in via 6461, but they don't appear to have any ability to
> backtrack it.  Their only offer is to blackhole the destination until
> the attack subsides.  BGP tells me the source is in AS 12322, a RIPE AS
> that has little if any information publicly visible.
> Any pointers on what to do next?

If it's all coming from that single IP, just request that
your upstream block it.  Usually if you explain the situation to them
they'll oblige.

Otherwise you'll want to look at mitigation gear (Toplayer, Cisco, etc)
there are loads out there or you can look into a DDoS mitigation service.

The Contacts I can see for that ASN are

 role:           Technical Contact for ProXad
address:        Free SAS / ProXad
address:        8, rue de la Ville L'Eveque
address:        75008 Paris
phone:          +33 1 73 50 20 00
fax-no:         +33 1 73 92 25 69
remarks:        trouble:      Information:
remarks:        trouble:      Spam/Abuse requests: mailto:abuse at
admin-c:        RA999-RIPE
tech-c:         FG4214-RIPE
nic-hdl:        TCP8-RIPE
mnt-by:         PROXAD-MNT
source:         RIPE # Filtered
abuse-mailbox:  abuse at

Hope that helps!

- --J


Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla -


More information about the NANOG mailing list