[nsp-sec] 9.5+ Gbps of love - any assistance appreciated

Smith, Donald Donald.Smith at qwest.com
Sat Nov 7 14:43:31 EST 2009 

Greg, when I look at that IP, I see it going out one of our borders towards a peer (as6453), not a customer edge so I am wondering why you think we are impacted?


> traceroute 72.167.232.69
traceroute to 72.167.232.69 (72.167.232.69), 64 hops max, 40 byte packets
 1  min-core-02.inet.qwest.net (205.171.128.194)  0.327 ms  0.266 ms  0.228 ms
 2  chp-brdr-03.inet.qwest.net (67.14.8.194)  10.371 ms  10.460 ms  10.456 ms
 3  63.146.26.250 (63.146.26.250)  12.959 ms  17.334 ms  17.825 ms
 4  Vlan1270.icore1.SQN-SanJose.as6453.net (206.82.141.22)  67.684 ms  55.153 ms
  55.284 ms
 5  ix-5-0.icore1.SQN-SanJose.as6453.net (209.58.116.6)  61.815 ms  61.893 ms  6
2.034 ms
 6  172.16.5.1 (172.16.5.1)  61.677 ms  61.589 ms  61.410 ms
 7  209.200.184.34 (209.200.184.34)  61.789 ms  62.128 ms  62.365 ms
 8  209.200.186.74 (209.200.186.74)  66.361 ms  67.120 ms  66.430 ms
 9  ip-208-109-112-202.ip.secureserver.net (208.109.112.202)  66.421 ms  66.402
ms  66.424 ms
10  ip-216-69-188-85.ip.secureserver.net (216.69.188.85)  66.669 ms  66.474 ms
66.672 ms
11  ip-208-109-112-1.ip.secureserver.net (208.109.112.1)  66.654 ms  66.549 ms
66.331 ms
12  *
    ip-208-109-112-1.ip.secureserver.net (208.109.112.1)  66.401 ms !X *
13  *
    ip-208-109-112-1.ip.secureserver.net (208.109.112.1)  66.333 ms !X *

(coffee != sleep) & (!coffee == sleep)
 Donald.Smith at qwest.com gcia
________________________________
From: nsp-security-bounces at puck.nether.net [nsp-security-bounces at puck.nether.net] On Behalf Of Greg Schwimer [gschwimer at godaddy.com]
Sent: Saturday, November 07, 2009 10:31 AM
To: nsp-security at puck.nether.net
Subject: [nsp-sec] 9.5+ Gbps of love - any assistance appreciated

----------- nsp-security Confidential --------

Qwest - I believe this has impacted you guys as well.


It's been on and off for the last few days.  I don't have a list of IPs
for this most recent occurrence yet but if anyone sees anything that is
helpful I'd be very appreciative.

Victim: 72.167.232.69

History:

The last attack data showed the source was primarily from AS4134.  I'm
not sure this is the case this time but wouldn't be surprised.  I'll
post source data as soon as I get it.



Greg Schwimer
GoDaddy.com
gschwimer at godaddy.com



_______________________________________________
nsp-security mailing list
nsp-security at puck.nether.net
https://puck.nether.net/mailman/listinfo/nsp-security

Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
community. Confidentiality is essential for effective Internet security counter-measures.
_______________________________________________


________________________________
This communication is the property of Qwest and may contain confidential or
privileged information. Unauthorized use of this communication is strictly
prohibited and may be unlawful. If you have received this communication
in error, please immediately notify the sender by reply e-mail and destroy
all copies of the communication and any attachments.

More information about the nsp-security mailing list