On 9/Dec/19 22:32, Florian Brandstetter via NANOG wrote:
>
> In any regard, <1 Gbps is pretty piss poor for an amplification attack
> too.
Must be nice :-)...
Mark.
see also: https://en.wikipedia.org/wiki/Smurf_attack
On Mon, Dec 9, 2019 at 12:09 PM ahmed.dala...@hrins.net <
ahmed.dala...@hrins.net> wrote:
> Dear All,
>
> My network is being flooded with UDP packets, Denial of Service attack,
> soucing from Cloud flare and Google IP Addresses, with 200-300
Hi,
> On 12/9/19 3:32 PM, Florian Brandstetter via NANOG wrote:
> "how much do I care?" part of the abuse team's line-up.
If people cared, they would have anti-spoofing filters in place. Most on this
list will agree that amplification attacks can be mitigated or at least
severely reduced by an
On 12/9/19 3:32 PM, Florian Brandstetter via NANOG wrote:
> In any regard, <1 Gbps is pretty piss poor for an amplification attack too.
But, as others have pointed out, plenty to knock a single subscriber, shared
access link (DOCSIS, wireless, or even well loaded GPON), or even a small
regional
Peace,
On Tue, Dec 10, 2019, 12:08 AM Mike Lewinski
wrote:
> My working theory is that with the Dec 3rd release of Halo Reach for PC,
> there are gamers attempting to lag, but not knock off, their opponents.
> This would be one reason to target adjacent unused addresses.
>
+1
Either this, or so
On Mon, Dec 9, 2019 at 4:08 PM Michael Sherlock
wrote:
>
> You asked what is being attacked
>
> IP addresses that are currently not assigned to end users
>
> And ip addresses assigned to end users
>
> End user= Home broadband customers
>
> We are not hosting any significant servers
I'm being uncl
> In any regard, <1 Gbps is pretty piss poor for an amplification attack too.
We've observed a customer receiving relative low volume attacks in the last
week (so low they didn't trigger our alarms).
My working theory is that with the Dec 3rd release of Halo Reach for PC, there
are gamers attem
On Mon, Dec 9, 2019 at 3:42 PM Michael Sherlock
wrote:
>
> Cristopher,
>
> Ip addresses that are not currently in use, and IP addresses that is
> currently used for CGNAT for end users
>
I'm 100% sure that those words mean something to you.. but not
operating your network they don't mean anythin
> My network is being flooded with UDP packets, Denial of Service
> attack, soucing from Cloud flare and Google IP Addresses
but, until nancy drew walks the attack back upstream step by step, you
really do not know it's coming from clodflare or gobble.
> the destination in my network are IP prefi
Hello,
you're forgetting if that was to be amplification, the source addresses would
not be within Google or CloudFlare ranges (especially not CloudFlare, as they
are not running a vulnerable recursor, and merely authoritative nameservers),
the only possibility would be Google as in Google Clou
I'm going to take a guess that ahmed is:
AS | BGP IPv4 Prefix | AS Name
198735 | 185.51.220.0/22 | HRINS-AS, IQ
198735 | 185.51.220.0/24 | HRINS-AS, IQ
198735 | 185.51.221.0/24 | HRINS-AS, IQ
198735 | 185.51.222.0/24 | HRINS-AS, IQ
198735 | 185.51.223.0/24 | HRIN
On which UDP port?
On 2019-12-09 15:07, ahmed.dala...@hrins.net wrote:
Dear All,
My network is being flooded with UDP packets, Denial of Service attack, soucing
from Cloud flare and Google IP Addresses, with 200-300 mbps minimum traffic,
the destination in my network are IP prefixes that is c
An additional 800 Mbps would severely constrain if not topple dozens if not
hundreds of ISPs I know.
-
Mike Hammett
Intelligent Computing Solutions
Midwest Internet Exchange
The Brothers WISP
- Original Message -
From: "Filip Hruska"
To: nanog@nanog.org
Sent: Monday, D
For short term relief, you might consider asking your upstream provider to
block the unused IPs in your network that are being attacked. It may not get
everything, but it could drop the volume considerably. Just be sure that the
provider blocks them silently, without sending “no route to host” I
This is lame. They should be able to view NAT translation tables or
better yet have some method of watching flows.
Tim
On 12/9/19 12:11 PM, Christopher Morrow wrote:
> I'd note that: "what prefixes?" isn't answered here... like: "what is
> the thing on your network which is being attacked?"
>
>
Hello,
which attack protocol are seeing? I suspect you're seeing DNS based
amplification or similar, in which case you can't really pinpoint the attack
source...
800Mbps is not a whole lot of traffic - does it cause any disruptions to you?
If the prefixes are not in use, I would suggest the
I'd note that: "what prefixes?" isn't answered here... like: "what is
the thing on your network which is being attacked?"
On Mon, Dec 9, 2019 at 3:08 PM ahmed.dala...@hrins.net
wrote:
>
> Dear All,
>
> My network is being flooded with UDP packets, Denial of Service attack,
> soucing from Cloud f
Dear All,
My network is being flooded with UDP packets, Denial of Service attack, soucing
from Cloud flare and Google IP Addresses, with 200-300 mbps minimum traffic,
the destination in my network are IP prefixes that is currnetly not used but
still getting traffic with high volume.
The traffi
Anybody else is experiencing packet loss since last Tuesday across the AT&T
network in the L.A. area?
I'm seeing it coming from both Zayo and HE
8. ae2.cs1.lga5.us.zip.zayo.com
0.0% 153 17.
There's no need for speculation. Jared has already said in this thread that's
exactly what he was hired for.
https://www.youtube.com/watch?v=KXBKnAbW4hQ
-
Mike Hammett
Intelligent Computing Solutions
Midwest Internet Exchange
The Brothers WISP
- Original Message -
From:
On 8/Dec/19 19:17, Rod Beck wrote:
> Last time I spoke with an Akamai engineer many years ago the network
> was purely transit. Is that evolving?
I believe Akamai are building, to a reasonable degree, an on-net backbone.
Mark.
21 matches
Mail list logo
