[192552] in North American Network Operators' Group

Re: Syn flood to TCP port 21 from priveleged port (80)

daemon@ATHENA.MIT.EDU (Ken Chase)
Tue Nov 1 22:25:52 2016

X-Original-To: nanog@nanog.org
Date: Tue, 1 Nov 2016 19:59:24 -0400
From: Ken Chase <math@sizone.org>
To: Selphie Keller <selphie.keller@gmail.com>
In-Reply-To: <20161101222126.GC1334@sizone.org>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org

Most of those networks are served by Prolexic DDOS mitigation (AS 32787),
and according to BGPlay have been for a while. (AS carrying untoward material,
like a Tor exit node or onion router?)

But a couple /24s in the 95.* block are AS14537 Mohawk Internet Tech. in
Quebec, Canada, such as 95.131.188.0/24 - unintended target? (careful who you
buy /24's from!)

So the only target being affected would be Mohawk unless they're set up to handle it.

/kc
--
Ken Chase - math@sizone.org Guelph Canada
