Home page logo
/

nanog logo nanog mailing list archives

Re: How much longer..
From: Matthew Sullivan <matthew () sorbs net>
Date: Thu, 14 Aug 2003 07:46:09 +1000


Len Rose wrote:

How much longer will people put up with the millions of dollars of losses in time, resources and service inflicted on the net by the joke vulnerabilities in the toy operating system known as Windows? Enough is Enough.

Sure, let's just filter everything..all service providers
please become M$'s virtual firewall now please.

Haven't you windows lamers learned anything yet?
You could of course just filter spoofed traffic, which would then stop a
lot of the DDoS attack that I'm suffering with.

For the second time in 2 weeks, 2 of my IPs have been null routed at the
USA -> Australia  International links because of a massive DDoS attack.

If anyone is seeing traffic directed at: 203.15.51.34 203.15.51.44 or
216.168.20.77 and 216.168.20.77 (the latter 2 not being my hosts but
seeing DDoS traffic as well) you might be well advise to
shutdown/disconnect the machines as they are likely hacked and/or trojaned.

Last attack was a mixture of SYN flood (which has virtually no effect
here), 1k packets  UDP send at a high volume from distributed machines
all aimed at ports arounf 1024.  ICMP echo floods, and bogus DNS
requests from hosts with the IP: 'x.x.0.0'

Obviously some of the floods are not using sppoofed addresses, but I am
really at a loss to see why I see _any_ spoofed traffic, I would have
expected ISPs out there to be filtering traffic not from their networks
by default nowadays.  I must just be nieve.

Yours

Mat




  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault