Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Denial of service attacks apparently from UUNET Netblocks

  • From: Steve Mansfield
  • Date: Mon Oct 06 12:35:36 1997

> Ladies and Gentlemen,
> 
> This evening, at 11:45 PM CDT, a serious and severe denial of service attack
> was launched against MCSNet.
> 
> The machines implicated individually as sources, so far, all appear to be 
> MAX TNTs within UUNET's core.
> 
> Examples are 207.76.40.175 and 207.76.57.161/164.

More specifically, TNT's in UUNET's New York dialup area:

Name: e24.tnt16.nyc3.da.uu.net
Address: 207.76.57.161

Name: e24.tnt19.nyc3.da.uu.net
Address: 207.76.57.164

Name: tnt31.nyc3.da.uu.net
Address: 207.76.40.175

> This might indicate that either someone inside UUNET was responsible, or
> that someone has penetrated UUNET's internal security and compromised the
> source devices.  As TNTs are typically connected to very-high-speed egress
> pathways, they would be quite capable of sourcing the data flows we saw this
> evening.

More likely, since these are going to be dynamically allocated addresses,
it was a single UUNET customer dialing in multiple times (ISDN...) and 
slamming the bits at you.

> If someone of these people HAD been available, we might have caught the
> perpetrator(s) in the act.

S'okay.  Have the feds subpoena UUNET for the connect logs for these
max'es.  UUNET keeps the logs and is capable, given the exact time of the
attack(s), of going through the logs, identifying exactly who it was, and
if it's one of their customers, giving the personal info to the feds.
If it's a reseller's customer, they can get the user info and forward it to
the reseller and inform the feds who they need to talk to for the personal
info.  Whoever it was is as good as nailed.

Steve Mansfield				 steve@nwnet.net
NorthWestNet Network Engineer	         425-649-7467




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.