[109507] in North American Network Operators' Group


DOS attack assistance?

daemon@ATHENA.MIT.EDU (Pete Templin)
Wed Nov 26 05:38:08 2008

Date: Wed, 26 Nov 2008 05:37:59 -0500
From: Pete Templin <petelists@templin.org>
To: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org

One of my customers, a host at 64.8.105.15, is feeling a "bonus" 
~130kpps from 88.191.63.28.  I've null-routed the source, though our 
Engine2 GE cards don't seem to be doing a proper job of that, 
unfortunately.  The attack is a solid 300% more pps than our aggregate 
traffic levels.

It's coming in via 6461, but they don't appear to have any ability to 
backtrack it.  Their only offer is to blackhole the destination until 
the attack subsides.  BGP tells me the source is in AS 12322, a RIPE AS 
that has little if any information publicly visible.

Any pointers on what to do next?

Thanks,

Pete

