[159189] in North American Network Operators' Group
Level3/GC: IMMEDIATE: Trace request on TCP SYN attack traffic towards
daemon@ATHENA.MIT.EDU (Kauto Huopio)
Fri Dec 28 03:21:06 2012
From: Kauto Huopio <kauto@huopio.fi>
Date: Fri, 28 Dec 2012 10:20:30 +0200
To: nanog@nanog.org
Greetings,
(my work hat @ CERT-FI on, work email kauto.huopio@ficora.fi)
Several Finnish media sites (www.yle.fi, www.mtv3.fi, www.hs.fi etc.)
have been attacked since Dec 25th.
Current target is www.ampparit.com (217.149.58.35). ISP reports
traffic originating from Level3 transit. Traffic is > 2 Mpps TCP SYN.
I'd like to request immediate trace support - we suspect this is a
very small source footprint DOS. All observations to cert@ficora.fi,
cc: to me at work address above.
--
Kauto Huopio - kauto@huopio.fi