Well,

Those poor guys are under perma DNS Amplification DDoS for what seems to be 2 weeks now.

About 7 days ago they started sending us emails for what is less than 2MB worth of data (~500 packets) which is about how long it takes for filters to take effect.

But after 1 week of communication they are not changing their procedures :(

Anyone else receiving those emails?

-----

Since most providers (at any level) are not putting any effort on BCP38.

Is there a [Spoofing Tracking Squad] out there? ( We're on GT-T/nLayer/Tinet )

--
-----
Alain Hebert ahebert@pubnix.net
PubNIX Inc.
50 boul. St-Charles
P.O. Box 26770 Beaconsfield, Quebec H9W 6G7
Tel: 514-990-5911 http://www.pubnix.net Fax: 514-990-9443

On Fri, Jan 24, 2014 at 9:22 AM, Alain Hebert <ahebert@pubnix.net> wrote:
Well,
Those poor guys are under perma DNS Amplification DDoS for what seems to be 2 weeks now.
they seem to be hosted at internap, you'd think they could just ask internap to fix this for them instead, eh?
On Jan 24, 2014, at 9:22 AM, Alain Hebert <ahebert@pubnix.net> wrote:
Is there a [Spoofing Tracking Squad] out there? ( We're on GT-T/nLayer/Tinet )
You haven’t been able to get GTT/nLayer/TINet to track the traffic back?

Details are welcome, either here or in private. There are plenty of people who will chase and fix this stuff when they’re aware of it.

- Jared

On Jan 24, 2014, at 8:36 AM, Jared Mauch wrote:
You haven’t been able to get GTT/nLayer/TINet to track the traffic back?
Details are welcome, either here or in private. There are plenty of people who will chase and fix this stuff when they’re aware of it.
When OpenResolver Project was announced, there were about 60 abusable addresses in my corner of the Internet. I was able to get that number down under 20 by asking politely. The NFOserver reports have been a pretty good stick to get the number down below 10. --Chris
On 24 January 2014 16:23, Chris Boyd <cboyd@gizmopartners.com> wrote:
On Jan 24, 2014, at 8:36 AM, Jared Mauch wrote:
You haven’t been able to get GTT/nLayer/TINet to track the traffic back?
Details are welcome, either here or in private. There are plenty of people who will chase and fix this stuff when they’re aware of it.
When OpenResolver Project was announced, there were about 60 abusable addresses in my corner of the Internet. I was able to get that number down under 20 by asking politely. The NFOserver reports have been a pretty good stick to get the number down below 10.
http://dns.measurement-factory.com/surveys/openresolvers/ASN-reports/latest....

Uh.. Oh. I see a lot of references to Telefónica in Latin America.

--
--
End of message.

Hi,

Well the abusers started to use burst and then switching targeted IP.

Last time I opened a ticket with GT-T/nLayer for a ~120Mbps NTP DDoS Amplification "attempt" toward 2 of my IPs.

. after 2h, I called them directly to be told they lost my original request;
. after 4h, got told it wasn't assigned yet;
. after 12h, they finally applied the filter as the amp attempt stopped;

Based on that experience... why bother.

To give you an idea, in the past 4 days and 30m queries, I'm up to 1100 blocked targets on one of my DNS Servers.

-----
Alain Hebert ahebert@pubnix.net
PubNIX Inc.
50 boul. St-Charles
P.O. Box 26770 Beaconsfield, Quebec H9W 6G7
Tel: 514-990-5911 http://www.pubnix.net Fax: 514-990-9443

On 01/24/14 09:36, Jared Mauch wrote:
On Jan 24, 2014, at 9:22 AM, Alain Hebert <ahebert@pubnix.net> wrote:
Is there a [Spoofing Tracking Squad] out there? ( We're on GT-T/nLayer/Tinet )
You haven’t been able to get GTT/nLayer/TINet to track the traffic back?
Details are welcome, either here or in private. There are plenty of people who will chase and fix this stuff when they’re aware of it.
- Jared
On Fri, Jan 24, 2014 at 3:50 PM, Alain Hebert <ahebert@pubnix.net> wrote:
Hi,
Well the abusers started to use burst and then switching targeted IP.
Last time I opened a ticket with GT-T/nLayer for a ~120Mbps NTP DDoS Amplification "attempt" toward 2 of my IPs.
. after 2h, I called them directly to be told they lost my original request;
. after 4h, got told it wasn't assigned yet;
. after 12h, they finally applied the filter as the amp attempt stopped;
Based on that experience... why bother.
there are providers that have services to stop this sort of thing, there is at least one provider that does that stuff for free... you could vote with your wallet, of course.
To give you an idea, in the past 4 days and 30m queries, I'm up to 1100 blocked targets on one of my DNS Servers.
that's a bummer.
participants (5)
- Alain Hebert
- Chris Boyd
- Christopher Morrow
- Jared Mauch
- Tei