[53859] in North American Network Operators' Group
Re: Odd DDoS, anyone else seen this?
daemon@ATHENA.MIT.EDU (bdragon@gweep.net)
Fri Nov 29 18:37:26 2002
To: variable@ednet.co.uk
Date: Fri, 29 Nov 2002 18:35:39 -0500 (EST)
Cc: nanog@merit.edu
In-Reply-To: <Pine.LNX.4.44.0211251330340.23339-100000@pachabel.ednet.co.uk> from "variable@ednet.co.uk" at Nov 25, 2002 01:45:08 PM
From: <bdragon@gweep.net>
Errors-To: owner-nanog-outgoing@merit.edu
> Looked just like a regular SYN flood to the target IP. Not sure why they
> picked source addresses that were so obviously bogus though.
>
> Can anyone think of a reason why this sort of traffic should be routed at
> all? Does anyone actually drop hosts on to addresses ending in x.x.x.0?
x.x.0.0 is a valid ip address for networks with bit lengths of 0 through 15.
And yes, folks do use /32 and /31 addresses which end in .0.
> Rich
