Level3/GC: IMMEDIATE: Trace request on TCP SYN attack traffic towards 217.149.58.35

Kauto Huopio kauto at huopio.fi
Fri Dec 28 08:20:30 UTC 2012


Greetings,

(my work hat @ CERT-FI on, work email kauto.huopio at ficora.fi)

Several Finnish media sites (www.yle.fi, www.mtv3.fi, www.hs.fi etc)
have been attacked since Dec 25th.

Current target is www.ampparit.com (217.149.58.35).  ISP reports
traffic originating from Level3 transit. Traffic is > 2 Mpps TCP SYN.

I'd like to request immediate trace support - we suspect this is a
very small source
footprint DOS. All observations to cert at ficora.fi, cc: to me at work
address above.

-- 
Kauto Huopio - kauto at huopio.fi



More information about the NANOG mailing list