> 
> I just wanted to apologize for my pissy attitude.  It wasn't you guys,
> and you didn't deserve these responses.
> 
> (the rest of this e-mail is off topic, so unless you're bored hit D)
> 
> Some idiot out there keeps sending a hundred megabyte flood against a
> customer of a customer.  Our network handles it fine (my day job, not
> netconsonance) but it so happens that this customer of a customer is on
> the same DSL switch as I am, and it makes life hell for me too.  So I
> have to bring up my out of band access and try to nail this bleep-head.
> 
> He's not randomizing source IPs, but he keeps moving from place to
> place.  And it's always early evening or early morning PST, so I think
> the bleep is going to random well-connected internet cafes and doing
> these attacks from there.
> 
> Unfortunately, a hundred megabytes just doesn't make a blip on most
> providers' radar (even ours), so it's pretty hard to trace backwards
> before he's gone.
> 
> The fact that it's consistently just before/after working hours PST
> makes me hope that someday I'll figure out who he is and can go break
> the bleeping kneecaps.
> 
> --
> Jo Rhett

Jo

Thank you for letting us know.

As you more than likely already know....

...I would encourage you to consider several things here as realistically
several federal and local laws are being broken here and others have
resources that can have your back to get this "idiot" asap.

1) heavily document everything you can in regards to ip addresses and times
etc etc

2) contact the telephone company security and law enforcement people *and*
super-techs to put some flags in the ATM or FRAME switches/clouds to look
for high layer 2 utilization and dump the sniffer output to logs... they can
look into the layer 2 and 3 packets in the switch software and see ip
addresses etc too and they can trace faster with coordination with other
telcos if necessary

3) possibly consider contacting other law enforcement as necessary

We have dealt with issues like this many times and we take note of it at layer
3, document it, then get on the horn with super techs (if enough time) and
have them document it too.

A long time ago when a full T1 was bigtime, sometimes people would ping
flood smaller ISP circuits making them unusable at layer 2 and the frame
switches would simply do what they were programmed to do and drop the
packets because a 256k port would be running at well over 100% capacity and
almost every packet was discard eligible etc etc

Best wishes

 - rh

--
Robert - Abba Communications
   Computer & Internet Services
 (509) 624-7159 - www.abbacomm.net
