nanog mailing list archives
DOS attack assistance?
From: Pete Templin <petelists () templin org>
Date: Wed, 26 Nov 2008 05:37:59 -0500
One of my customers, a host at 64.8.105.15, is feeling a "bonus" ~130kpps from 88.191.63.28. I've null-routed the source, though our Engine2 GE cards don't seem to be doing a proper job of that, unfortunately. The attack is a solid 300% more pps than our aggregate traffic levels.
It's coming in via 6461, but they don't appear to have any ability to backtrack it. Their only offer is to blackhole the destination until the attack subsides. BGP tells me the source is in AS 12322, a RIPE AS that has little if any information publicly visible.
Any pointers on what to do next? Thanks, Pete
Current thread:
- DOS attack assistance? Pete Templin (Nov 26)
- Re: DOS attack assistance? Mikael Abrahamsson (Nov 26)
- Re: DOS attack assistance? Pete Templin (Nov 26)
- Re: DOS attack assistance? Jay Coley (Nov 26)
- Re: DOS attack assistance? ポール・ロラン (Nov 26)
- RE: DOS attack assistance? Darrell Hyde (Nov 26)
- Re: DOS attack assistance? David Freedman (Nov 27)
- Re: DOS attack assistance? Max Larson Henry (Nov 26)
- Re: DOS attack assistance? Mikael Abrahamsson (Nov 26)