North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Level3 routing issues?
Yup - got that. I sent my post to nanog quite a while ago. Unfortunetly, it took a little while to come to life. :) Gee, I wonder why? We're doing some really cool blocking now. Now its time to get the custoemrs to secure their boxen. :) -Eric On Sat, 25 Jan 2003, Larry Rosenman wrote: > Date: Sat, 25 Jan 2003 03:44:39 -0600 > From: Larry Rosenman <[email protected]> > To: Eric Whitehill <[email protected]>, Andy Dills <[email protected]> > Cc: Alex Rubenstein <[email protected]>, hc <[email protected]>, > "[email protected]" <[email protected]> > Subject: Re: Level3 routing issues? > > MSSQL worm/DDOS/Exploit on UDP/1434 > > A bunch of us are blocking UDP/1434 destinations. > > > http://www.nextgenss.com/advisories/mssql-udp.txt > > Larry Rosenman > Internet America/PDQ.NET/neosoft.com > AS4278/AS3764 > > > --On Saturday, January 25, 2003 02:15:59 -0500 Eric Whitehill > <[email protected]> wrote: > > > > > Same here... > > > > My connecion with AADS has doubled in traffic, and everything else. > > > > I've doubled my network traffic since 11:30ish PM CST... > > > > If anyone has an idea of whats going on... > > > > AS5006 is where I'm at. > > > > -Eric > > > > On Sat, 25 Jan 2003, Andy Dills wrote: > > > >> Date: Sat, 25 Jan 2003 01:37:29 -0500 (EST) > >> From: Andy Dills <[email protected]> > >> To: Alex Rubenstein <[email protected]> > >> Cc: hc <[email protected]>, "[email protected]" <[email protected]> > >> Subject: Re: Level3 routing issues? > >> > >> > >> On Sat, 25 Jan 2003, Alex Rubenstein wrote: > >> > >> > > >> > > >> > I dunno about that. But, I am seeing, in the last couple hours, all > >> > kinds of new traffic. > >> > > >> > like, customers who never get attacked or anything, all of a sudden: > >> > > >> > http://mrtg.nac.net/switch9.oct.nac.net/3865/switch9.oct.nac.net-3865 > >> > .html > >> > > >> > > >> > We are seeing this on ports all across out network -- nearly 1/2 our > >> > ports are in delta alarm right now. > >> > > >> > Anyone else? > >> > > >> > I will dig more to look at the traffic. > >> > >> Interesting, at almost the exact same time (call it 12:30), qwest dropped > >> all but 1000 routes through IAD...still trying to get somebody on the > >> phone at their IP noc, not having much luck. Genuity seems fine at the > >> moment... > >> > >> Any speculation yet? Kind of an odd coincidence of problems... > >> > >> Oh, just got through...fiber cut in DC? > >> > >> Andy > >> > >> xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx > >> Andy Dills 301-682-9972 > >> Xecunet, LLC www.xecu.net > >> xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx > >> Dialup * Webhosting * E-Commerce * High-Speed Access > >> > >> > > > > > >
|