[71662] in North American Network Operators' Group

Re: real-time DDoS help?

daemon@ATHENA.MIT.EDU (Charles Sprickman)
Sun Jun 20 19:24:07 2004

Date: Sun, 20 Jun 2004 19:19:53 -0400 (EDT)
From: Charles Sprickman <spork@inch.com>
To: nanog@merit.edu
In-Reply-To: <20040619220032.V42597@shell.inch.com>
Errors-To: owner-nanog-outgoing@merit.edu


Just following up with a bit more info.

While I have no way of knowing whether these IPs are the true source, and
there's likely more that I didn't capture in the short windows where the
router was up and exporting netflow data, this is what I have.  If anyone
here is in charge of the following blocks, perhaps you might want to have
a look:

208.39.142 (comcast, business cable)
216.235.244 (e-xpedient)
218.244.162 (chinacom)
218.247.37 (china network connect)
61.48.80 (china network communications group)
62.231.65 (romania data systems)

Actually, looking at those sources, I'm betting they're not spoofed. :)

Thanks,

Charles

--
Charles Sprickman
spork@inch.com


On Sat, 19 Jun 2004, Charles Sprickman wrote:

> Howdy,
>
> Is there any place where people with experience dealing with DDoS attacks
> hang out?  I'm getting very little assistance from my upstream beyond
> "call whomever is in charge of each IP attacking and make them stop", and
> "even though we null route the destination IP being attacked, this traffic
> will be billed".
