[61451] in North American Network Operators' Group
Hey, QWEST clean up your network
daemon@ATHENA.MIT.EDU (John Brown)
Thu Aug 28 23:27:07 2003
Date: Thu, 28 Aug 2003 21:25:42 -0600
From: John Brown <jmbrown@chagresventures.com>
To: nanog@merit.edu
Errors-To: owner-nanog-outgoing@merit.edu
Seems like QWEST doesn't have any edge ACL's in place to deal
with this lovely worm issue.
Count Source Prexix, rounded up to a /16
144 208.46.0.0
199 65.114.0.0
347 208.45.0.0
462 65.118.0.0
486 65.119.0.0
702 208.44.0.0
----
2340 TOTAL Packets out of 2500 for 2 seconds
This is ICMP and TCP MS bad traffic for a 2500 packet
capture on a DS1 that is directly connected to Qwest.
Ergo, Qwest is the transit provider. Capture period
was about 2 seconds. ICK
According to Qwest Tech/Noc people they can't leave
filters up for more than 1 day.
Given that this worm has lasted more than 1 day, I'd
think its reasonable to leave filters up for say more
than one day ????
The other thing I learned from QWEST IP-NOC was that
it seems managment decided *NOT TO* filter packets related
to this worm issue at the edge......
john brown
AS 10480 and others
