[nsp-sec] heavy udp fragments attack
Jan Boogman
boogman at ip-plus.net
Fri Jun 19 11:50:50 EDT 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi
we are currently (actually since monday) under heavy attack with udp
fragments on port 53 against all our nameserver, mailservers, some
peering interfaces and some customers. The attacks are mostly
mitigated but every few hours new targets pop up.
We would appreciate if you could check if you have flows with udp/53
fragments towards 164.128.0.0/16 and block them if possible.
We also got threat mails with a (probably fake) return-to address <stophappysexch at yahoo.com
>, menacing us with continued attacks if we wouldn't stop the peering
with www.happysex.ch's provider
Thanks
Jan
- ---
Jan Boogman
Swisscom - IP-Plus Internet Services - AS3303
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)
iD8DBQFKO7PbeQz45pCQ6ikRAjfRAKD570LnskuSJpCkhRfHYSWQWuLTgQCgxhtt
Y+waN0JQH4RpeuKKrpGIccA=
=J5dH
-----END PGP SIGNATURE-----
More information about the nsp-security
mailing list