[191774] in North American Network Operators' Group
Re: Krebs on Security booted off Akamai network after DDoS attack
daemon@ATHENA.MIT.EDU (Florian Weimer)
Tue Sep 27 07:08:31 2016
X-Original-To: nanog@nanog.org
From: Florian Weimer <fw@deneb.enyo.de>
To: Mark Andrews <marka@isc.org>
Date: Tue, 27 Sep 2016 13:08:19 +0200
In-Reply-To: <20160926234142.6E7705515473@rock.dv.isc.org> (Mark Andrews's
message of "Tue, 27 Sep 2016 09:41:42 +1000")
Cc: John Levine <johnl@iecc.com>, "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
* Mark Andrews:
> Dear customer,
> we are seeing <xxxx> traffic coming from your network.
>
> If you need help isolating the source of the traffic here are a few
> companies in your city that can help you.
>
> <list of companies>
>
> This is not a exhaustive list.
>
> Support
We already had the problem in the past that customer notifications for
compromised machines (with confirmed loss of user data, not just
sourcing unexpected packets) looked like advertisements for antivirus
products. To most customers, this looks like just another scam.
