nanog mailing list archives
Re: Denial of service attacks apparently from UUNET Netblocks
From: Steve Mansfield <steve () nwnet net>
Date: Mon, 6 Oct 1997 09:18:52 -0700 (PDT)
Ladies and Gentlemen, This evening, at 11:45 PM CDT, a serious and severe denial of service attack was launched against MCSNet. The machines implicated individually as sources, so far, all appear to be MAX TNTs within UUNET's core. Examples are 207.76.40.175 and 207.76.57.161/164.
More specifically, TNT's in UUNET's New York dialup area: Name: e24.tnt16.nyc3.da.uu.net Address: 207.76.57.161 Name: e24.tnt19.nyc3.da.uu.net Address: 207.76.57.164 Name: tnt31.nyc3.da.uu.net Address: 207.76.40.175
This might indicate that either someone inside UUNET was responsible, or that someone has penetrated UUNET's internal security and compromised the source devices. As TNTs are typically connected to very-high-speed egress pathways, they would be quite capable of sourcing the data flows we saw this evening.
More likely, since these are going to be dynamically allocated addresses, it was a single UUNET customer dialing in multiple times (ISDN...) and slamming the bits at you.
If someone of these people HAD been available, we might have caught the perpetrator(s) in the act.
S'okay. Have the feds subpoena UUNET for the connect logs for these max'es. UUNET keeps the logs and is capable, given the exact time of the attack(s), of going through the logs, identifying exactly who it was, and if it's one of their customers, giving the personal info to the feds. If it's a reseller's customer, they can get the user info and forward it to the reseller and inform the feds who they need to talk to for the personal info. Whoever it was is as good as nailed. Steve Mansfield steve () nwnet net NorthWestNet Network Engineer 425-649-7467
Current thread:
- Denial of service attacks apparently from UUNET Netblocks Karl Denninger (Oct 06)
- Re: Denial of service attacks apparently from UUNET Netblocks Steve Mansfield (Oct 06)
- Re: Denial of service attacks apparently from UUNET Netblocks Phil Howard (Oct 06)
- Re: Denial of service attacks apparently from UUNET Netblocks Charles Sprickman (Oct 06)
- Re: Denial of service attacks apparently from UUNET Netblocks James_deleskie (Oct 07)
- Re: Denial of service attacks apparently from UUNET Netblocks Greg A. Woods (Oct 07)
- Re: Denial of service attacks apparently from UUNET Netblocks Dale Drew (Oct 07)
- Re: Denial of service attacks apparently from UUNET Netblocks Eric Wieling (Oct 07)
- Re: Denial of service attacks apparently from UUNET Netblocks Adrian Bool (Oct 07)
- Re: Denial of service attacks apparently from UUNET Netblocks Alex Przekupowski (Oct 07)
- Re: Denial of service attacks apparently from UUNET Netblocks John A. Tamplin (Oct 07)
- Re: Denial of service attacks apparently from UUNET Netblocks Mike Diehn (Oct 07)
- Re: Denial of service attacks apparently from UUNET Netblocks Phil Howard (Oct 06)
- Re: Denial of service attacks apparently from UUNET Netblocks Steve Mansfield (Oct 06)