[55774] in North American Network Operators' Group
Re: probable DDOS to 195.238.3.33
daemon@ATHENA.MIT.EDU (Daniel Roesen)
Mon Feb 10 15:39:16 2003
Date: Mon, 10 Feb 2003 21:31:37 +0100
From: Daniel Roesen <dr@cluenet.de>
To: nanog@merit.edu
Mail-Followup-To: nanog@merit.edu
In-Reply-To: <4EE2F983A19E9D4DAD0CDBC8C914ADD8013E29BF@eahq-mb3.rws.ad.ea.com>; from TBulger@ea.com on Mon, Feb 10, 2003 at 12:05:55PM -0800
Errors-To: owner-nanog-outgoing@merit.edu
On Mon, Feb 10, 2003 at 12:05:55PM -0800, Bulger, Tim wrote:
> We're seeing packets with spoofed source addresses destined to
> 195.238.3.33 getting dropped on firewalls at several locations going
> outbound. Googling has turned up nothing relating to that destination
> IP address.
inetnum: 195.238.0.0 - 195.238.31.255
netname: SKYNET-B
descr: Belgacom Skynet SA/NV
descr: Internet access provider
descr: A subsidiary of BELGACOM SA/NV
country: BE
route: 195.238.0.0/19
descr: Belgacom Skynet SA/NV
origin: AS5432
notify: noc@skynet.be
$ host irc.skynet.be
irc.skynet.be. is an alias for chick.skynet.be.
chick.skynet.be. has address 195.238.0.13
Well, close... :-P
You might want to contact noc@skynet.be...
Regards,
Daniel
