[63482] in North American Network Operators' Group
CCO/cisco.com issues.
daemon@ATHENA.MIT.EDU (Roland Dobbins)
Mon Oct 6 17:02:49 2003
Date: Mon, 6 Oct 2003 14:01:31 -0700
From: Roland Dobbins <rdobbins@cisco.com>
To: nanog@merit.edu
Errors-To: owner-nanog-outgoing@merit.edu
Folks,
We've been handling a multi-vector DDoS - 40-byte spoofed SYN-flooding
towards www.cisco.com (198.133.219.25/32) as well as an HTTP-AUTH
resource-exhaustion attack, and working these issues with our
upstreams. Our apologies for any inconveniences, and our thanks to
those who've assisted in tracing and blocking the spoofed traffic.
We're continuing the work the issue, and would be grateful if operators
would check for 40-byte spoofed TCP headed towards 198.133.219.25/32
and trace/block it as warranted. Your patience and understanding are
greatly appreciated.
Thanks!
-------------------------------------------------------------
Roland Dobbins <rdobbins@cisco.com> // 408.527.6376 voice
