nanog mailing list archives

Re: Team Cymru BGP bogon status ???

From: Scott Fisher <littlefishguy () gmail com>
Date: Sun, 31 Jan 2016 17:09:07 -0500

Everyone,

Our site totalhash.cymru.com experienced a DDOS hit and caused our main
route to be null routed by our upstream provider. Things are coming online
but the IP that is being attacked will remain down for the time being.
Reply to this thread with any questions.

Thanks,
Scott

On Sunday, January 31, 2016, Matthew Huff <mhuff () ox com> wrote:

Traceroute from Verizon Fios


macpro:~ mhuff$ traceroute 38.229.66.20

traceroute to 38.229.66.20 (38.229.66.20), 64 hops max, 52 byte packets

 1  firewall (10.1.1.1)  0.444 ms  0.191 ms  0.234 ms

 2  lo0-100.nycmny-vfttp-369.verizon-gni.net<
http://lo0-100.nycmny-vfttp-369.verizon-gni.net> (96.246.46.1)  58.317
ms  48.413 ms  67.140 ms

 3  t0-8-0-0.nycmny-lcr-21.verizon-gni.net<
http://t0-8-0-0.nycmny-lcr-21.verizon-gni.net> (130.81.16.100)  62.175
ms  63.223 ms

    t0-8-0-0.nycmny-lcr-22.verizon-gni.net<
http://t0-8-0-0.nycmny-lcr-22.verizon-gni.net> (130.81.16.102)  37.320 ms

 4  * * *

 5  0.ae2.br2.nyc4.alter.net<http://ae2.br2.nyc4.alter.net>
(140.222.229.93)  18.697 ms

    0.ae3.br2.nyc4.alter.net<http://ae3.br2.nyc4.alter.net>
(140.222.231.133)  3.791 ms

    0.ae1.br2.nyc4.alter.net<http://ae1.br2.nyc4.alter.net>
(140.222.229.91)  2.985 ms

 6  204.255.168.110 (204.255.168.110)  12.558 ms  14.904 ms  17.009 ms

 7  be2060.ccr41.jfk02.atlas.cogentco.com<
http://ccr41.jfk02.atlas.cogentco.com> (154.54.31.9)  17.248 ms  21.324
ms  16.526 ms

 8  * * *

 9  * * *

10  * * *

11  * * *

12  * * *

13  * * *

14  * * *

15  * * *

16  * * *

17  * * *

18  * * *

19  * * *


Traceroute via Lightpath


[root@burr ~]# traceroute -I 38.229.66.20

traceroute to 38.229.66.20 (38.229.66.20), 30 hops max, 60 byte packets

 1  switch-core1.ox.com<http://switch-core1.ox.com> (129.77.108.252)
0.376 ms  0.385 ms  0.432 ms

 2  switch-user2.ox.com<http://switch-user2.ox.com> (129.77.154.249)
0.424 ms  0.539 ms  0.571 ms

 3  rtr-inet1.ox.com<http://rtr-inet1.ox.com> (129.77.1.253)  0.480 ms
0.484 ms  0.488 ms

 4  189d20f9.cst.lightpath.net<http://189d20f9.cst.lightpath.net>
(24.157.32.249)  4.875 ms  4.952 ms  4.956 ms

 5  18267502.cst.lightpath.net<http://18267502.cst.lightpath.net>
(24.38.117.2)  4.951 ms  4.962 ms  4.963 ms

 6  hunt183-146.optonline.net<http://hunt183-146.optonline.net>
(167.206.183.146)  5.843 ms  5.625 ms  5.613 ms

 7  * * *

 8  be3030.ccr21.jfk04.atlas.cogentco.com<
http://ccr21.jfk04.atlas.cogentco.com> (154.54.11.249)  8.945 ms  9.234
ms  9.816 ms

 9  be2324.ccr41.jfk02.atlas.cogentco.com<
http://ccr41.jfk02.atlas.cogentco.com> (154.54.47.17)  6.456 ms  6.534
ms  6.533 ms

10  * * *

11  * * *

12  * * *

13  * * *

14  * * *

15  * * *

16  * * *

17  * * *

18  * * *

19  * * *

20  * * *

21  * * *

22  * * *

23  * * *

24  * * *

25  * * *

26  * * *

27  * * *

28  * * *

29  * * *

30  * * *

IPv6 vial Lightpath

[root@burr ~]# traceroute -I 2620:0:6b0::26e5:4207

traceroute to 2620:0:6b0::26e5:4207 (2620:0:6b0::26e5:4207), 30 hops max,
80 byte packets

 1  switch-core1.ox.com<http://switch-core1.ox.com>
(2620:0:2810:16c::fffd)  0.429 ms  0.534 ms  0.612 ms

 2  switch-user2.ox.com<http://switch-user2.ox.com>
(2620:0:2810:e002::253)  0.429 ms  0.532 ms  0.643 ms

 3  rtr-inet1.ox.com<http://rtr-inet1.ox.com> (2620:0:2810:101::fffd)
0.510 ms  0.515 ms  0.518 ms

 4  2607:fda8:8::2 (2607:fda8:8::2)  4.882 ms  4.889 ms  4.892 ms

 5  2607:fda8:2::2c (2607:fda8:2::2c)  71.000 ms  71.011 ms  71.014 ms

 6  2607:fda8:2::85 (2607:fda8:2::85)  5.868 ms  5.837 ms  5.823 ms

 7  * * *

 8  * * *

 9  * * *

10  * * *

11  * * *

12  * * *

13  * * *

14  * * *

15  * * *

16  * * *

17  * * *

18  * * *

19  * * *

20  * * *

21  * * *

22  * * *

23  * * *

24  * * *

25  * * *

26  * * *

27  * * *

28  * * *

29  * * *

30  * * *


On Jan 31, 2016, at 11:44 AM, Matthew Huff <mhuff () ox com <javascript:;>
<mailto:mhuff () ox com <javascript:;>>> wrote:

Starting around 7:17 am EST, we lost our IPv4 & IPv6  BGP connections to
Cymru. We have two connections in both IPv4 and IPv6 on both of our two
routers. On each router one connection is stuck in active, the other
providing 0 prefixes. I can’t get to http://www.team-cymru.org from
either work or home. Anyone know what’s up?


-- 
Scott

Current thread:

Team Cymru BGP bogon status ??? Matthew Huff (Jan 31)
- Re: Team Cymru BGP bogon status ??? Colin Johnston (Jan 31)
- Re: Team Cymru BGP bogon status ??? Daniel Corbe (Jan 31)
  - Re: Team Cymru BGP bogon status ??? Tom Storey (Jan 31)
- Re: Team Cymru BGP bogon status ??? Royce Williams (Jan 31)
  - Re: Team Cymru BGP bogon status ??? Scott Fisher (Jan 31)
- Re: Team Cymru BGP bogon status ??? Matthew Huff (Jan 31)
  - Re: Team Cymru BGP bogon status ??? Scott Fisher (Jan 31)
- Re: Team Cymru BGP bogon status ??? Rob Duffy (Jan 31)