Home page logo
/

nanog logo nanog mailing list archives

Hey, QWEST clean up your network
From: John Brown <jmbrown () chagresventures com>
Date: Thu, 28 Aug 2003 21:25:42 -0600



Seems like QWEST doesn't have any edge ACL's in place to deal
with this lovely worm issue.
 
Count           Source Prexix, rounded up to a /16
 
144             208.46.0.0
199             65.114.0.0
347             208.45.0.0
462             65.118.0.0
486             65.119.0.0
702             208.44.0.0
----
2340            TOTAL Packets out of 2500 for 2 seconds
 
This is ICMP and TCP MS bad traffic for a 2500 packet
capture on a DS1 that is directly connected to Qwest.
Ergo, Qwest is the transit provider.  Capture period
was about 2 seconds.  ICK
 
According to Qwest Tech/Noc people they can't leave
filters up for more than 1 day.
 
Given that this worm has lasted more than 1 day, I'd
think its reasonable to leave filters up for say more
than one day ????
 
 
The other thing I learned from QWEST IP-NOC was that
it seems managment decided *NOT TO* filter packets related
to this worm issue at the edge......
 
john brown
AS 10480 and others


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault