On Mon, 6 Oct 2003 14:01:31 -0700, Roland Dobbins wrote
Folks,
We've been handling a multi-vector DDoS - 40-byte spoofed SYN-flooding towards www.cisco.com (198.133.219.25/32) as well as an HTTP-AUTH resource-exhaustion attack, and working these issues with our upstreams. Our apologies for any inconveniences, and our thanks to those who've assisted in tracing and blocking the spoofed traffic.
We're continuing the work the issue, and would be grateful if operators would check for 40-byte spoofed TCP headed towards 198.133.219.25/32 and trace/block it as warranted. Your patience and understanding are greatly appreciated.
Thanks!
------------------------------------------------------------- Roland Dobbins <rdobbins@cisco.com> // 408.527.6376 voice
My mailbox has filled quite a bit (to the tune of a dozen-plus mails) with comments along the lines of "don't quote me, NANOG is too important for my work, I don't want to get on Sue Harris' bad side" since my last so-called "off-topic" NANOG post (which all but *one* person, other than Sue Harris, found to be "within range and reason"). The spammers, the DDoS'ers, the proxy scanners and rapists, the SMTP auth crackers. the trojan spreaders, the DNSBL-DOS'ers, the hardcore computer criminals are the evil army of one? The following well-remembered lines come to mind here, and excuse me if you hear a slight hysterical laughter from my direction: "First They Came for the Jews First they came for the Jews and I did not speak out because I was not a Jew. Then they came for the Communists and I did not speak out because I was not a Communist. Then they came for the trade unionists and I did not speak out because I was not a trade unionist. Then they came for me and there was no one left to speak out for me." Pastor Martin Niemöller