[148258] in North American Network Operators' Group
Misreporting abuse,
daemon@ATHENA.MIT.EDU (Christopher Morrow)
Fri Jan 6 20:48:50 2012
Date: Fri, 6 Jan 2012 20:47:49 -0500
From: Christopher Morrow <christopher.morrow@gmail.com>
To: nanog list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
[ABUSE] Attack comming from IP 90.185.110.92 to 189.1.164.138
So... FireSlayer, did you get a cold? or perhaps have too much to
drink? sending reports of what looks like CoD4:
16:36:58.728250 IP 90.185.110.92.27005 > 189.1.172.238.28960: UDP, length 14
16:36:58.741473 IP 90.185.110.92.27005 > 189.1.169.243.28922: UDP, length 14
16:36:58.754083 IP 90.185.110.92.27005 > 189.1.164.56.28947: UDP, length 14
server traffic to your customers is cool, it's not so cool if you send
the reports to the wrong origin asn... AS15169 doesn't actually
originate 90.185.110.0/24, it looks to me like:
AS39554 | 90.185.110.0 | FULLRATE Fullrate A/S
probably does though... I'm not sure what math tricks you may have
tried, but 39554 is in no way like 15169. Could you take some time to
disable your report generation canon and fix it before re-enabling it?
I'm not the only person getting mis-fired reports, if you want to help
everyone please turn off the canon.
thnx!
-chris
(note, we've asked privately, you don't seem to respond/listen,
perhaps publicly noting this will get:
1) your attention
2) you to stop the insanity)
