nanog mailing list archives

Re: Denial of service attacks apparently from UUNET Netblocks

From: Joe Shaw <jshaw () insync net>
Date: Tue, 7 Oct 1997 09:30:01 -0500 (CDT)

On Tue, 7 Oct 1997, Karl Denninger wrote:

No.  This was a transmission of 1K packets and was not in the style of any
previously-seen attack that I'm aware of.  Its a new thing.

There was no attempt to SYN flood, or hit broadcast addresses, or use
source-routing.  All of that is protected against fairly well here.  This
was a simple "the machines are on a 10Mbps pipe, so hit them with 30Mbps of
traffic and flood their NIC ports to the point that they're useless".


That's exactly what we saw here as well, except we did see some broadcast
traffic.  They hit us with so much traffic that our 10Mbps link was
useless.  The offending sites I got were 192.195.100.1, 128.132.45.105,
167.152.96.78, but according to the customer they believe those to be
forged.  I'm almost certain that at least some of these sites had to be
used, as the source routed traffic should have been stopped at the router.
This did stop the traffic from coming through, but it didn't stop it from
killing the link once it got here.

Joe Shaw - jshaw () insync net
NetAdmin - Insync Internet Services

Current thread:

Re: Denial of service attacks apparently from UUNET Netblocks, (continued)
- - - Re: Denial of service attacks apparently from UUNET Netblocks Greg A. Woods (Oct 07)
    - Re: Denial of service attacks apparently from UUNET Netblocks David Lesher (Oct 07)
    - Re: Denial of service attacks apparently from UUNET Netblocks David Lesher (Oct 07)
    - Re: Denial of service attacks apparently from UUNET Netblocks Karl Denninger (Oct 07)
    - Re: Denial of service attacks apparently from UUNET Netblocks Joe Shaw (Oct 07)
    - Re: Denial of service attacks apparently from UUNET Netblocks Brett Frankenberger (Oct 07)
    - Re: Denial of service attacks apparently from UUNET Netblocks Karl Denninger (Oct 08)
- Re: Denial of service attacks apparently from UUNET Netblocks Doug Davis (Oct 06)
  - Re: Denial of service attacks apparently from UUNET Netblocks Dan Foster (Oct 07)
    - Re: Denial of service attacks apparently from UUNET Netblocks Karl Denninger (Oct 07)
    - Re: Denial of service attacks apparently from UUNET Netblocks Joe Shaw (Oct 07)
    - Re: Denial of service attacks apparently from UUNET Netblocks Karl Denninger (Oct 07)
- Re: Denial of service attacks apparently from UUNET Netblocks Barney Wolff (Oct 07)
  - Re: Denial of service attacks apparently from UUNET Netblocks Joe Shaw (Oct 08)
- Re: Denial of service attacks apparently from UUNET Netblocks Sean Donelan (Oct 07)
  - Re: Denial of service attacks apparently from UUNET Netblocks Sharif Torpis (Oct 07)
    - Re: Denial of service attacks apparently from UUNET Netblocks Dale Drew (Oct 08)
  - Re: Denial of service attacks apparently from UUNET Netblocks Alex "Mr. Worf" Yuriev (Oct 07)
- Re: Denial of service attacks apparently from UUNET Netblocks Sean Donelan (Oct 07)
- Re: Denial of service attacks apparently from UUNET Netblocks Barney Wolff (Oct 08)
  - Re: Denial of service attacks apparently from UUNET Netblocks Justin W. Newton (Oct 08)

(Thread continues...)