Level3/GC: IMMEDIATE: Trace request on TCP SYN attack traffic towards

Kauto Huopio kauto at huopio.fi
Fri Dec 28 08:20:30 UTC 2012


(my work hat @ CERT-FI on, work email kauto.huopio at ficora.fi)

Several Finnish media sites (www.yle.fi, www.mtv3.fi, www.hs.fi etc)
have been attacked since Dec 25th.

Current target is www.ampparit.com (  ISP reports
traffic originating from Level3 transit. Traffic is > 2 Mpps TCP SYN.

I'd like to request immediate trace support - we suspect this is a
very small source
footprint DOS. All observations to cert at ficora.fi, cc: to me at work
address above.

Kauto Huopio - kauto at huopio.fi

More information about the NANOG mailing list