[61572] in North American Network Operators' Group
On the back of other 'security' posts....
daemon@ATHENA.MIT.EDU (Matthew Sullivan)
Sat Aug 30 06:24:17 2003
Date: Sat, 30 Aug 2003 20:17:39 +1000
From: Matthew Sullivan <matthew@sorbs.net>
To: nanog@merit.edu
Errors-To: owner-nanog-outgoing@merit.edu
Hi All,
On the back of the latest round of security related posts, anyone notice
the 50% packet loss (as reported to me) across the USA -> NZ links
around lunchtime (GMT+10) today?
Yet more spoofed traffic aimed at the SORBS nameservers - this time
enough to crash a core router of my upstream... Hopefully the
commercial damage now may insite people getting damaged by these DDoSes
to start proceedings against those ISPs whom continue to show a lack of
respobsibility and allow unfiltered spoofed DDoS traffic from their
networks. Certainly I have been told to talk to various US authorities
about the problem, and will be doing so as soon as I have the nessesary
information.
In the mean time a plea to people on this list in all countries - watch
for the DDoS attacks (particually against 203.15.51.33, 203.15.51.35,
203.15.51.44 & 203.101.254.254) and stop the damn traffic before you are
held responsible for your customers actions. There is still a 10k pps
SYN flood occuring 8 hours later - this is being rate limited upstream.
..and if the perps are on this list, keep going if you want, the more
you do the more likely you'll get caught. You will not force SORBS off
the net like you have Osirusoft. I and SORBS will leave when we are
good and ready, and not because of some infantile spotty faced 15 year
old nerd without a clue on life.
/ Mat
