[60536] in North American Network Operators' Group
Re: How much longer..
daemon@ATHENA.MIT.EDU (Matthew Sullivan)
Wed Aug 13 17:48:12 2003
Date: Thu, 14 Aug 2003 07:46:09 +1000
From: Matthew Sullivan <matthew@sorbs.net>
To: nanog@merit.edu
In-Reply-To: <20030813170715.GC10568@netsys.com>
Errors-To: owner-nanog-outgoing@merit.edu
Len Rose wrote:
>How much longer will people put up with the millions of
>dollars of losses in time, resources and service inflicted
>on the net by the joke vulnerabilities in the toy operating
>system known as Windows? Enough is Enough.
>
>Sure, let's just filter everything..all service providers
>please become M$'s virtual firewall now please.
>
>Haven't you windows lamers learned anything yet?
>
>
You could of course just filter spoofed traffic, which would then stop a
lot of the DDoS attack that I'm suffering with.
For the second time in 2 weeks, 2 of my IPs have been null routed at the
USA -> Australia International links because of a massive DDoS attack.
If anyone is seeing traffic directed at: 203.15.51.34 203.15.51.44 or
216.168.20.77 and 216.168.20.77 (the latter 2 not being my hosts but
seeing DDoS traffic as well) you might be well advised to
shutdown/disconnect the machines as they are likely hacked and/or trojaned.
Last attack was a mixture of SYN flood (which has virtually no effect
here), 1k packets UDP sent at a high volume from distributed machines
all aimed at ports around 1024, ICMP echo floods, and bogus DNS
requests from hosts with the IP: 'x.x.0.0'
Obviously some of the floods are not using spoofed addresses, but I am
really at a loss to see why I see _any_ spoofed traffic, I would have
expected ISPs out there to be filtering traffic not from their networks
by default nowadays. I must just be naive.
Yours
Mat
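
The source-address filtering the message asks ISPs to apply, sketched as an added example that is not part of the original post. The port names, prefixes (RFC 5737 documentation ranges) and sample packets are constructed assumptions, not data from the attack described.

```python
import ipaddress
from collections import Counter

# Constructed data: prefixes assigned to each customer-facing port
# (RFC 5737 documentation ranges, not addresses from the message).
ASSIGNED = {
    "cust-a": [ipaddress.ip_network("192.0.2.0/24")],
    "cust-b": [ipaddress.ip_network("198.51.100.0/25")],
}

def verdict(port, src):
    """Return 'forward' or a drop reason for a packet arriving on `port`."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "drop:malformed"
    nets = ASSIGNED.get(port)
    if nets is None:
        return "drop:unknown-port"
    for net in nets:
        if addr in net:
            # In prefixes shorter than /31 the network and broadcast
            # addresses are not usable as host source addresses.
            if net.prefixlen < 31 and addr in (net.network_address,
                                               net.broadcast_address):
                return "drop:not-a-host"
            return "forward"
    # Source lies outside everything assigned to this port.
    return "drop:spoofed"

# Constructed sample packets: (ingress port, claimed source address).
SAMPLE = [
    ("cust-a", "192.0.2.15"),
    ("cust-a", "10.9.0.0"),        # source of the 'x.x.0.0' form
    ("cust-a", "192.0.2.0"),
    ("cust-b", "198.51.100.77"),
    ("cust-b", "198.51.100.200"),  # inside the /24, outside the assigned /25
    ("cust-c", "192.0.2.1"),
    ("cust-a", "999.1.1.1"),
]

def summarize(packets):
    """Count verdicts so dropped traffic can be reported per reason."""
    return Counter(verdict(port, src) for port, src in packets)

if __name__ == "__main__":
    for port, src in SAMPLE:
        print(f"{port:8} {src:16} {verdict(port, src)}")
    print(dict(summarize(SAMPLE)))
```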