[109512] in North American Network Operators' Group
RE: DOS attack assistance?
daemon@ATHENA.MIT.EDU (Darrell Hyde)
Wed Nov 26 06:50:11 2008
From: Darrell Hyde <DHyde@HostMySite.com>
To: NANOG <nanog@nanog.org>
Date: Wed, 26 Nov 2008 06:53:11 -0500
In-Reply-To: <492D2707.5090505@templin.org>
Errors-To: nanog-bounces@nanog.org
>One of my customers, a host at 64.8.105.15, is feeling a "bonus"
>~130kpps from 88.191.63.28. I've null-routed the source, though our
>Engine2 GE cards don't seem to be doing a proper job of that,
>unfortunately. The attack is a solid 300% more pps than our aggregate
>traffic levels.
Null routing the source isn't going to stop the inbound packets from reachi=
ng the target of
the attack. All that's going to do is blackhole packets back to the attacke=
r from anyone hopping
through the router carrying the null route.
- Darrell
