Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

AS3303 customer under attack

  • From: Andre Chapuis
  • Date: Tue Sep 24 04:27:12 2002

Dear NOC /Nanog,
We (Swisscom, AS3303) have a customer that is being attacked for about 5 days now. It is a DOS attack with spoofed source IP addresses. The destination network is:

193.77.0.0/16 , as-path 3303 8437 5603 2610

The attack is (at least !) 100Mb/s, and is coming from different peers. Yesterday it was on our peerings with AS7018 and AS6453 in Palo-Alto, today seems to be more on the AADS in Chicago.
I applied the following packet filter (access-list 19 below) to all our external links, and there is a huge amount of packet with those source IP coming in. Although we drop these packets at our ingress, may i ask everyone peering with us (and others if you feel concerned) to configure that packet filter in output ?

Thanks a lot for your help (or feedback if you are also experiencing such problems) and have a nice day

André

-----------------------------------------------------------------------
access-list 19 deny   0.0.0.0 0.255.255.255
access-list 19 deny   1.0.0.0 0.255.255.255
access-list 19 deny   2.0.0.0 0.255.255.255
access-list 19 deny   5.0.0.0 0.255.255.255
access-list 19 deny   7.0.0.0 0.255.255.255
access-list 19 deny   10.0.0.0 0.255.255.255
access-list 19 deny   14.0.0.0 0.255.255.255
access-list 19 deny   23.0.0.0 0.255.255.255
access-list 19 deny   31.0.0.0 0.255.255.255
access-list 19 deny   36.0.0.0 0.255.255.255
access-list 19 deny   37.0.0.0 0.255.255.255
access-list 19 deny   39.0.0.0 0.255.255.255
access-list 19 deny   41.0.0.0 0.255.255.255
access-list 19 deny   42.0.0.0 0.255.255.255
access-list 19 deny   58.0.0.0 1.255.255.255
access-list 19 deny   60.0.0.0 0.255.255.255
access-list 19 deny   70.0.0.0 1.255.255.255
access-list 19 deny   72.0.0.0 7.255.255.255
access-list 19 deny   82.0.0.0 1.255.255.255
access-list 19 deny   84.0.0.0 3.255.255.255
access-list 19 deny   88.0.0.0 7.255.255.255
access-list 19 deny   96.0.0.0 31.255.255.255
access-list 19 deny   169.254.0.0 0.0.255.255
access-list 19 deny   172.16.0.0 0.15.255.255
access-list 19 deny   176.0.0.0 15.255.255.255
access-list 19 deny   192.0.0.0 0.0.0.255
access-list 19 deny   192.0.2.0 0.0.0.255
access-list 19 deny   192.168.0.0 0.0.255.255
access-list 19 deny   222.0.0.0 1.255.255.255
access-list 19 deny   224.0.0.0 31.255.255.255
access-list 19 permit any



---------------------
Andre Chapuis
IP+ Engineering
Swisscom Ltd
Genfergasse 14
3050 Bern
+41 31 893 89 61
chapuis@ip-plus.net
CCIE #6023
----------------------





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.