[178954] in North American Network Operators' Group
Re: Getting hit hard by CHINANET
daemon@ATHENA.MIT.EDU (Roland Dobbins)
Tue Mar 17 22:16:25 2015
X-Original-To: nanog@nanog.org
From: "Roland Dobbins" <rdobbins@arbor.net>
To: nanog@nanog.org
Date: Wed, 18 Mar 2015 09:16:11 +0700
In-Reply-To: <5490D6B8-C014-4A7A-9962-360A44BDBA06@arbor.net>
Errors-To: nanog-bounces@nanog.org
On 18 Mar 2015, at 9:13, Roland Dobbins wrote:
> Also, asking your upstreams/peers to block traffic sourced from this
> IP to your netblock(s) on their networks.
It would also be a good idea to ensure that your systems which are being
targeted aren't themselves compromised, and being used by miscreants as
botnet C&Cs or whatever. A lot of 'inexplicable' attacks are actually
internecine disputes amongst miscreants, with compromised systems under
the control of miscreant A being targeted by miscreant B - and the
legitimate owner/operator of the hosts in question has no idea that
they're compromised.
-----------------------------------
Roland Dobbins <rdobbins@arbor.net>
