RE: DOS Attack

2016-02-27 Thread Frank Bulk
Here are some threads: http://markmail.org/message/4hkuymimt54snpyi http://markmail.org/message/qc67dfw2zi224ciu http://markmail.org/message/2pqnaoru5gvxwyn5 Frank -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of K MEKKAOUI Sent: Saturday, February 27, 2016 10:

Re: DOS ATTACK ON BGP , LPTS ??

2012-02-06 Thread Peter Ehiwe
Thanks Roland, Does anyone have a recommended value for tuning LPTS based on experience ? Rgds Peter On Tue, Feb 7, 2012 at 7:45 AM, Dobbins, Roland wrote: > > On Feb 7, 2012, at 1:43 PM, Peter Ehiwe wrote: > > > What is the attacker spoofs the correct peering address , > > In that case, work wi

Re: DOS ATTACK ON BGP , LPTS ??

2012-02-06 Thread Dobbins, Roland
On Feb 7, 2012, at 1:37 PM, Peter Ehiwe wrote: > What is the best way to mitigate DOS attack against the bgp process of a > router , iACLs and CoPP:

Re: DOS attack assistance?

2008-11-27 Thread David Freedman
> Null routing the source isn't going to stop Except when doing source based blackholing, see http://tools.ietf.org/html/draft-kumari-blackhole-urpf-02 section #4 Dave.

Re: DOS attack assistance?

2008-11-26 Thread Max Larson Henry
Hi, Please look for proxad.fr <-- Free Free is an ADSL provider based in France and proxad is a hosting company (please give a look at the "dig -x" below) dig -x 88.191.63.28 ; <<>> DiG 9.5.0b2 <<>> -x 88.191.63.28 ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, stat

RE: DOS attack assistance?

2008-11-26 Thread Darrell Hyde
>One of my customers, a host at 64.8.105.15, is feeling a "bonus" >~130kpps from 88.191.63.28. I've null-routed the source, though our >Engine2 GE cards don't seem to be doing a proper job of that, >unfortunately. The attack is a solid 300% more pps than our aggregate >traffic levels. Null routi

Re: DOS attack assistance?

2008-11-26 Thread Pete Templin
Mikael Abrahamsson wrote: Do you really call this "little if any information publically visible"? Nope, I was wrong about that. My search-fu on RIPE isn't up to snuff, apparently; hence the request for assistance. pt

Re: DOS attack assistance?

2008-11-26 Thread ポール・ロラン
Hello, On Wed, 26 Nov 2008 05:37:59 -0500 Pete Templin <[EMAIL PROTECTED]> wrote: > One of my customers, a host at 64.8.105.15, is feeling a "bonus" > ~130kpps from 88.191.63.28. I've null-routed the source, though our > Engine2 GE cards don't seem to be doing a proper job of that, > unfortun

Re: DOS attack assistance?

2008-11-26 Thread Jay Coley
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Pete Templin wrote: > One of my customers, a host at 64.8.105.15, is feeling a "bonus" > ~130kpps from 88.191.63.28. I've null-routed the source, though our > Engine2 GE cards don't seem to be doing a proper job of that, > unfortunately. The attack

Re: DOS attack assistance?

2008-11-26 Thread Mikael Abrahamsson
On Wed, 26 Nov 2008, Pete Templin wrote: It's coming in via 6461, but they don't appear to have any ability to backtrack it. Their only offer is to blackhole the destination until the attack subsides. BGP tells me the source is in AS 12322, a RIPE AS that has little if any information public