On Wed, 26 Nov 2008, Pete Templin wrote:
It's coming in via 6461, but they don't appear to have any ability to backtrack it. Their only offer is to blackhole the destination until the attack subsides. BGP tells me the source is in AS 12322, a RIPE AS that has little if any information publicly visible.
From ripe whois database:
role: Technical Contact for ProXad address: Free SAS / ProXad address: 8, rue de la Ville L'Eveque address: 75008 Paris phone: +33 1 73 50 20 00 fax-no: +33 1 73 92 25 69 remarks: trouble: Information: http://www.proxad.net/ remarks: trouble: Spam/Abuse requests: mailto:abuse@proxad.net admin-c: RA999-RIPE tech-c: FG4214-RIPE nic-hdl: TCP8-RIPE mnt-by: PROXAD-MNT source: RIPE # Filtered abuse-mailbox: abuse@proxad.net Do you really call this "little if any information publically visible"? -- Mikael Abrahamsson email: swmike@swm.pp.se