[168401] in North American Network Operators' Group
Re: About ddos-response@nfoservers.com
daemon@ATHENA.MIT.EDU (Alain Hebert)
Fri Jan 24 15:58:55 2014
Date: Fri, 24 Jan 2014 15:50:06 -0500
From: Alain Hebert <ahebert@pubnix.net>
CC: NANOG list <nanog@nanog.org>
In-Reply-To: <8CFB098F-1C79-4555-B21B-AACA4E9F74D0@puck.nether.net>
Reply-To: ahebert@pubnix.net
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Hi,
Well the abusers started to use burst and then switching targeted IP.
Last time I opened a ticket with GT-T/nLayer for a ~120Mbps NTP DDoS
Amplification "attempt" toward 2 of my IP's.
. after 2h, I called them directly to be told they lost my
original request;
. after 4h, got told it wasn't assigned yet;
. after 12h, they finally applied the filter as the amp attempt
stopped;
Based on that experience... why bother.
To give you an idea, in the past 4 days and 30m queries, I'm up to
1100 blocked targets on one of my DNS Servers.
-----
Alain Hebert ahebert@pubnix.net
PubNIX Inc.
50 boul. St-Charles
P.O. Box 26770 Beaconsfield, Quebec H9W 6G7
Tel: 514-990-5911 http://www.pubnix.net Fax: 514-990-9443
On 01/24/14 09:36, Jared Mauch wrote:
> On Jan 24, 2014, at 9:22 AM, Alain Hebert <ahebert@pubnix.net> wrote:
>
>> Is there a [Spoofing Tracking Squad] out there?
>> ( We're on GT-T/nLayer/Tinet )
> You haven’t been able to get GTT/nLayer/TINet to track the traffic back?
>
> Details are welcome, either here or in private. There are plenty of people who will chase and fix this stuff when they’re aware of it.
>
> - Jared
>
