Level3/GC: IMMEDIATE: Trace request on TCP SYN attack traffic towards 18.104.22.168
kauto at huopio.fi
Fri Dec 28 08:20:30 UTC 2012
(my work hat @ CERT-FI on, work email kauto.huopio at ficora.fi)
Several Finnish media sites (www.yle.fi, www.mtv3.fi, www.hs.fi etc)
have been attacked since Dec 25th.
Current target is www.ampparit.com (22.214.171.124). ISP reports
traffic originating from Level3 transit. Traffic is > 2 Mpps TCP SYN.
I'd like to request immediate trace support - we suspect this is a
very small source
footprint DOS. All observations to cert at ficora.fi, cc: to me at work
Kauto Huopio - kauto at huopio.fi
More information about the NANOG