nanog mailing list archives

Re: real-time DDoS help?


From: Charles Sprickman <spork () inch com>
Date: Sun, 20 Jun 2004 19:19:53 -0400 (EDT)


Just following up with a bit more info.

While I have no way of knowing whether these IPs are the true source, and
there's likely more that I didn't capture in the short windows where the
router was up and exporting netflow data, this is what I have.  If anyone
here is in charge of the following blocks, perhaps you might want to have
a look:

208.39.142 (comcast, business cable)
216.235.244 (e-xpedient)
218.244.162 (chinacom)
218.247.37 (china network connect)
61.48.80 (china network communications group)
62.231.65 (romania data systems)

Actually, looking at those sources, I'm betting they're not spoofed. :)

Thanks,

Charles

--
Charles Sprickman
spork () inch com


On Sat, 19 Jun 2004, Charles Sprickman wrote:

Howdy,

Is there any place where people with experience dealing with DDoS attacks
hang out?  I'm getting very little assistance from my upstream beyond
"call whomever is in charge of each IP attacking and make them stop", and
"even though we null route the destination IP being attacked, this traffic
will be billed".

