nanog mailing list archives
Re: relays.osirusoft.com
From: "Michael K. Smith" <mksmith () noanet net>
Date: Tue, 26 Aug 2003 17:36:45 -0700
On 8/26/03 4:45 PM, "Matthew Sullivan" <matthew () sorbs net> wrote:
George William Herbert wrote:Yes, this is due to a massive DDOS. At least three of the spamfilter BLs have been so attacked this week. Some of the networks represented here have not been as timely about helping the BL providers with the DDOSes as they could be. Please keep in mind that without dynamic BLs anti-spam folks will fall back to sending out static block maps, which getting your IP space out of will be difficult if not impossible. IT IS VERY MUCH IN NETWORK OPERATORS BEST INTEREST THAT THIS NOT HAPPEN. Please take what measures are necessary to help ensure that your customers are not intentionally or neglegently DDOSing the BLs.Well said George, I have been one of the recepients of the DDoS attacks. If people see non DNS UDP traffic or non Type 3 ICMP traffic aimed at 203.15.51.32/27 it is likely DDoS traffic. Currently I still have at least one IP in that range Null Routed by upstreams. SORBS may have to implement a subscription model soon to fund more hosts around the world if the DDoS's continue, I am desperately trying to avoid it, should it become nessessary it will be for the +50k queries/day users out there. The point is SORBS is funded soley by myself and through hosting dontations - I have 5 public secondaries donated currently, and I cannot afford, personally, any DDoS proofing other than that I have now. I know of at least 3 other DNSbls that are experiencing DDoS issues, and one DNSbl operator that is scared stiff of DDoS. Yours Mat Note: If anyone wants to talk about SORBS, public secondaries, donations, policy etc... this is not the forum, please contact me off list.
Hello: If you and others are experiencing DDOS attacks it would be a good idea to get the affected IP's on to the various lists associated with the tracking of such events. If you would like me to post them, I would be happy to do so. Please let me know the IP blocks, other than the one mentioned above, and I will post them to the lists. Thanks, Mike -- Michael K. Smith NoaNet 206.219.7116 (work) 206.579.8360 (cell) mksmith () noanet net http://www.noanet.net
Current thread:
- relays.osirusoft.com Richard Welty (Aug 26)
- Re: relays.osirusoft.com Gary E. Miller (Aug 26)
- Re[2]: relays.osirusoft.com Richard Welty (Aug 26)
- Re: relays.osirusoft.com Nathan J. Mehl (Aug 27)
- Re: relays.osirusoft.com Chris Woodfield (Aug 27)
- Re[2]: relays.osirusoft.com Richard Welty (Aug 27)
- Re[2]: relays.osirusoft.com Richard Welty (Aug 26)
- Re: relays.osirusoft.com Crist Clark (Aug 26)
- Re: relays.osirusoft.com michael (Aug 26)
- Re: relays.osirusoft.com Gary E. Miller (Aug 26)
- <Possible follow-ups>
- Re: Re[2]: relays.osirusoft.com George William Herbert (Aug 26)
- Re: relays.osirusoft.com Matthew Sullivan (Aug 26)
- Re: relays.osirusoft.com Michael K. Smith (Aug 26)
- Re: Re[2]: relays.osirusoft.com Paul Vixie (Aug 27)
- Re: Re[2]: relays.osirusoft.com jlewis (Aug 27)
- Re: Re[2]: relays.osirusoft.com Margie (Aug 27)
- Re: relays.osirusoft.com Matthew Sullivan (Aug 27)
- Re: relays.osirusoft.com Iljitsch van Beijnum (Aug 27)
- Re: relays.osirusoft.com Vadim Antonov (Aug 28)
- Re: relays.osirusoft.com Matthew Sullivan (Aug 26)