[46942] in North American Network Operators' Group
New DoS attack affecting small NAT devices?
daemon@ATHENA.MIT.EDU (Donn Lasher)
Thu Apr 18 12:13:21 2002
Message-Id: <5.1.0.14.2.20020418090548.00b6b408@mail.clearskynet.net>
Date: Thu, 18 Apr 2002 09:12:39 -0700
To: NANOG <nanog@merit.edu>
From: Donn Lasher <dlasher@clearskynet.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Errors-To: owner-nanog-outgoing@merit.edu
I don't have more specific information yet, however, just wanted to poll
the crowd.
Is anyone seeing any recent Denial of Service / Probes affecting NAT
devices started in the last couple days / weeks?
Starting Tuesday night, we started getting complaints from customers in a
specific net block of our network, all of whom were running small
"personal" firewalls (Netgear, linksys etc) about:
1. able to send, but not get email
2. able to browse 1% of web pages
3. able to ping / traceroute just fine.
pages would load a tiny bit then stall. when they step out from behind the
firewall, even using the same IP address the firewall used, they are fine,
IE all services.
Of the probably 150 customers in that netblock, only 8 of them called with
these symptoms, the rest are working fine.
I'll have sniffer logs later today, but just wanted to see if anyone else
had run into this recently.
Feel free to reply offline.
-donn
