nanog mailing list archives
Under DDoS attack; what do I do now?
From: Chris Adams <cmadams () hiwaay net>
Date: Wed, 30 Aug 2000 12:22:14 -0500
We appear to be under a distributed denial of service attack. We are receiving 7.5+ megabits per second of ICMP traffic (it looks like a smurf attack) from all over to a single address (one that was in our dialup pool). We've taken the IP out of our pool and are routing it to a separate interface with a computer just setup to capture traffic. It isn't causing an immediate problem, since we've routed the traffic away, but what do we do next? We've been contacted by a couple of the people sending the ICMP replies complaining about us pinging them and told them about fixing distributed broadcast and they've said they'll look into it. What do we do to track this down? We've got four upstreams and the traffic appears to be coming in all four; do we need to call all of them? Is there any kind of organization that can help coordinate this? Thanks for any help you can give. -- Chris Adams <cmadams () hiwaay net> Systems and Network Administrator - HiWAAY Information Services I don't speak for anybody but myself - that's enough trouble.
Current thread:
- Under DDoS attack; what do I do now? Chris Adams (Aug 30)
- Re: Under DDoS attack; what do I do now? Joe Shaw (Aug 30)
- Re: Under DDoS attack; what do I do now? Jim Duncan (Aug 30)
- Re: Under DDoS attack; what do I do now? John Fraizer (Aug 30)