North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: DDOS Today?

  • From: Dan Armstrong
  • Date: Sat Oct 11 15:43:58 2003

I am still trying to confirm what happened, but it looks like we got whacked today.

Around 2:35 EST all our BGP peers dropped pretty much at the same time.  Our mrtg systems have all fallen over too - so I can't confirm a traffic spike.

Anybody else?

Dan.
 

Greg Valente wrote:

I just got on today.
Was there any large DDOS attacks today.
Any specific networks impacted?

-----Original Message-----
From: Jeroen Massar [mailto:[email protected]]
Sent: Friday, October 10, 2003 8:16 PM
To: [email protected]; [email protected]
Subject: Reserved ASN 64702, 6to4, 2 ghosts, other oddities and still no
working contacts...

-----BEGIN PGP SIGNED MESSAGE-----

Checking http://www.sixxs.net/tools/grh/lg/?show=bogons&find=::/0

People might want to filter on private ASN's also
when that ASN is being used as "transit"...

2001:a40::/32 AS64702 is reserved (path: 15516 3257 2497 4697 2914 10109 4538 4787 64702 20646 8763 5539 1930 9186) Ghost Route (14/12)
3ffe:3500::/24   3ffe:4005:fefe::     25396 1752 10109 4538 4787 64702 20646 8319

We still have these 6to4 specifics btw:
2002:c2b1:d06e::/48      More specific 6to4 prefix (194.177.208.110/32) from AS5408
2002:c8a2::/33           More specific 6to4 prefix (200.162.0.0/17) from AS15180
2002:c8c6:4000::/34      More specific 6to4 prefix (200.198.64.0/18) from AS15180
2002:c8ca:7000::/36      More specific 6to4 prefix (200.202.112.0/20) from AS15180

And nopes, no contact has been made yet, apparently having
your email address listed in the registry frees you of any
obligations...

Another funny one:
3ffe:3::/32              Subnet of 3ffe::/24 Mismatching origin ASN,
                         should be 4555 (now: 29216)
While there also is an announcement for:
2001:7fe::/32            I-rootserver-net-20030916

The ghosts of this month:
3ffe:1f00::/24
3ffe:2400::/24
Both with "10318 5623" common in their paths, obvious isn't it ?

Oh and yes, still no contact from anybody at nortel, apparently
that company doesn't know what IPv6 is. AS10318 (check above also)
is still announcing *their* block and still haven't made any comment
or reply back whatsoever. AS10318 have their own pTLA but apparently
are not contactable for that pTLA either. If anybody knows someone
alive for 3ffe:1300::/24 or AS762 or AS10318 please notify them.

Maybe posting to nanog raises some people from sleep. Mailing
the whois contacts directly doesn't help apparently.

Greets,
 Jeroen

-----BEGIN PGP SIGNATURE-----
Version: Unfix PGP for Outlook Alpha 13 Int.
Comment: Jeroen Massar / [email protected] / http://unfix.org/~jeroen/

iQA/AwUBP4dLximqKFIzPnwjEQKluACglQJ+2QtJZ6O2fJZShwxLe0Z6Fz8AnRym
p0Clq/HyC9EoC/RsaYudqZey
=XBo4
-----END PGP SIGNATURE-----