North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: DDOS Today?

  • From: Chris Lewis
  • Date: Sat Oct 11 23:07:00 2003


Hi, I hadn't noticed that this has something to do with us, until Dave Lugo pointed it out.

I really don't know who has anything to do with IPV6 here, I suspect very much it's a product
group's test block. Or something. I had forwarded a previous note about an IPV6 block with
no longer valid WHOIS contact info to our people who interact with the registries for DNS and IP,
but I don't know if it's the same block. Chances are that they're having almost as much trouble
as you tracking down who is responsible for this block.

I've forwarded a copy of this to some of the people I know in networking who may know about
this or what to do with it.

In the meantime, I strongly suggest that you call 1-800-684-4357 (our 7x24 support line) and enter a ticket.
I'd do it for you, but I don't have your contact information, nor understand this issue well enough to describe
it.

That help line normally gets support calls from employees, and they'll expect an employee number. I'll
email you my employee number directly, so you can give them an ID to tie it to if they insist.

Greg Valente wrote:

I just got on today.
Was there any large DDOS attacks today.
Any specific networks impacted?

-----Original Message-----
From: Jeroen Massar [mailto:[email protected]]
Sent: Friday, October 10, 2003 8:16 PM
To: [email protected]; [email protected]
Subject: Reserved ASN 64702, 6to4, 2 ghosts, other oddities and still no
working contacts...



-----BEGIN PGP SIGNED MESSAGE-----

Checking http://www.sixxs.net/tools/grh/lg/?show=bogons&find=::/0

People might want to filter on private ASN's also
when that ASN is being used as "transit"...

2001:a40::/32 AS64702 is reserved (path: 15516 3257 2497 4697 2914 10109 4538 4787 64702 20646 8763 5539 1930 9186) Ghost Route (14/12) 3ffe:3500::/24 3ffe:4005:fefe:: 25396 1752 10109 4538 4787 64702 20646 8319
We still have these 6to4 specifics btw:
2002:c2b1:d06e::/48 More specific 6to4 prefix (194.177.208.110/32) from AS5408 2002:c8a2::/33 More specific 6to4 prefix (200.162.0.0/17) from AS15180 2002:c8c6:4000::/34 More specific 6to4 prefix (200.198.64.0/18) from AS15180 2002:c8ca:7000::/36 More specific 6to4 prefix (200.202.112.0/20) from AS15180
And nopes, no contact has been made yet, apparently having
your email address listed in the registry frees you of any
obligations...

Another funny one:
3ffe:3::/32 Subnet of 3ffe::/24 Mismatching origin ASN,
should be 4555 (now: 29216) While there also is an announcement for:
2001:7fe::/32 I-rootserver-net-20030916

The ghosts of this month:
3ffe:1f00::/24
3ffe:2400::/24
Both with "10318 5623" common in their paths, obvious isn't it ?

Oh and yes, still no contact from anybody at nortel, apparently
that company doesn't know what IPv6 is. AS10318 (check above also)
is still announcing *their* block and still haven't made any comment
or reply back whatsoever. AS10318 have their own pTLA but apparently
are not contactable for that pTLA either. If anybody knows someone
alive for 3ffe:1300::/24 or AS762 or AS10318 please notify them.

Maybe posting to nanog raises some people from sleep. Mailing
the whois contacts directly doesn't help apparently.

Greets,
Jeroen

-----BEGIN PGP SIGNATURE-----
Version: Unfix PGP for Outlook Alpha 13 Int.
Comment: Jeroen Massar / [email protected] / http://unfix.org/~jeroen/

iQA/AwUBP4dLximqKFIzPnwjEQKluACglQJ+2QtJZ6O2fJZShwxLe0Z6Fz8AnRym
p0Clq/HyC9EoC/RsaYudqZey
=XBo4
-----END PGP SIGNATURE-----