[25590] in North American Network Operators' Group
Re: Interesting - No reaction to a smurf
daemon@ATHENA.MIT.EDU (Matthew Petach)
Thu Oct 21 14:58:52 1999
From: Matthew Petach <mpetach@netflight.com>
Message-Id: <199910211820.LAA18484@falcon.netflight.com>
To: rirving@onecall.net (Richard Irving)
Date: Thu, 21 Oct 1999 11:20:12 -0700 (PDT)
Cc: nanog@merit.edu, jared@puck.nether.net
In-Reply-To: <380F44C5.ED37D70E@onecall.net> from "Richard Irving" at Oct 21, 99 11:52:21 am
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Errors-To: owner-nanog-outgoing@merit.edu
> We currently have an ongoing attack, and cannot get
> a directly adjacent network to respond.
> (Participate in a traceback)
> The list at puck.nether.net has a few errors....
> Jared: The following phone number is disconnected:
> Concentric Network Corp.
> internex.net, concentric.net, concentric.com
> 2828
> +1 408 327 2470
Cool! I love it when we find these things out from
external sources. :( :(
I'll put a bee in the bonnet of the folks at work to
track this down and get it operational again.
> noc@internex.net
> The phone number appears to be no longer operational.
> The email gets an auto-responder.
> We have not received a human response to an "urgent" in over
> 24 hours.
> :(
If you are a peer of ours, please send correspondance to
"peering@concentric.net" -- that actually hits the clueful
people. If for some reason that address gives errors, send
it to "peering@internex.net". That second address isn't
supposed to exist anymore, of course, but it's always good
to have a second channel in case the primary fails. :)
> We have an ongoing attack that has been running for over 48
> hours total so far.......
> Would someone with Concentrics (IP Clueful) Security
> please contact me!
> (And while you are at it, please update puck's NOC contact
> list)
How does one do that...I see a form for adding a new entry,
but I don't see a form for updating an existing entry. :(
> You appear to have a script kiddie pointing smurf at a
> downstream.
Please send as much of the relevant information on the attack
as you can to peering@concentric.net, and we will work with
you on tracking it down. Please include which peering location
you are seeing the traffic from, and destination IPs that are
being hit.
> Thanks!
> Richard Irving
> One Call Communications, Inc.
You're welcome--sorry it had to come to a public forum like this. :(
Matt Petach
(from home, representing me and my bathrobe at the moment, and not
much else.)
