nanog mailing list archives
Re: real-time DDoS help?
From: Charles Sprickman <spork () inch com>
Date: Sun, 20 Jun 2004 19:19:53 -0400 (EDT)

Just following up with a bit more info. While I have no way of knowing whether these IPs are the true source, and there's likely more that I didn't capture in the short windows where the router was up and exporting netflow data, this is what I have. If anyone here is in charge of the following blocks, perhaps you might want to have a look:

208.39.142 (comcast, business cable)
216.235.244 (e-xpedient)
218.244.162 (chinacom)
218.247.37 (china network connect)
61.48.80 (china network communications group)
62.231.65 (romania data systems)

Actually, looking at those sources, I'm betting they're not spoofed. :)

Thanks,

Charles

--
Charles Sprickman
spork () inch com

On Sat, 19 Jun 2004, Charles Sprickman wrote:

Howdy,

Is there any place where people with experience dealing with DDoS attacks hang out? I'm getting very little assistance from my upstream beyond "call whomever is in charge of each IP attacking and make them stop", and "even though we null route the destination IP being attacked, this traffic will be billed".