[nsp-sec] 9.5+ Gbps of love - any assistance appreciated

Smith, Donald Donald.Smith at qwest.com
Sat Nov 7 15:07:05 EST 2009 

Ok let me check yesterdays flows and see what I can see.
Todays netflow didn't have a hint of it in there.
If it is traversing out link and going to a customer port we may be able to do something for you. Did Godaddy call the noc for assistence or is this your first attempt to reach out to qwest?

(coffee != sleep) & (!coffee == sleep)
 Donald.Smith at qwest.com gcia
________________________________
From: Greg Schwimer [gschwimer at godaddy.com]
Sent: Saturday, November 07, 2009 12:59 PM
To: Smith, Donald
Cc: nsp-security at puck.nether.net
Subject: RE: [nsp-sec] 9.5+ Gbps of love - any assistance appreciated

The have diverted traffic away from you at this time.  The flows were hitting us directly through your network until that time.  It congested one of our 10G links with you.  You're probably not seeing any longer.

Greg Schwimer
GoDaddy.com
gschwimer at godaddy.com
tel. 480-366-3636

==================================================================================
Please contact my supervisor at wthayer at godaddy.com with any feedback.
==================================================================================

-------- Original Message --------
Subject: RE: [nsp-sec] 9.5+ Gbps of love - any assistance appreciated
From: "Smith, Donald" <Donald.Smith at qwest.com>
Date: Sat, November 07, 2009 12:43 pm
To: Greg Schwimer <gschwimer at godaddy.com>,
"nsp-security at puck.nether.net" <nsp-security at puck.nether.net>

Greg, when I look at that IP, I see it going out one of our borders towards a peer (as6453), not a customer edge so I am wondering why you think we are impacted?


> traceroute 72.167.232.69
traceroute to 72.167.232.69 (72.167.232.69), 64 hops max, 40 byte packets
1 min-core-02.inet.qwest.net (205.171.128.194) 0.327 ms 0.266 ms 0.228 ms
2 chp-brdr-03.inet.qwest.net (67.14.8.194) 10.371 ms 10.460 ms 10.456 ms
3 63.146.26.250 (63.146.26.250) 12.959 ms 17.334 ms 17.825 ms
4 Vlan1270.icore1.SQN-SanJose.as6453.net (206.82.141.22) 67.684 ms 55.153 ms
55.284 ms
5 ix-5-0.icore1.SQN-SanJose.as6453.net (209.58.116.6) 61.815 ms 61.893 ms 6
2.034 ms
6 172.16.5.1 (172.16.5.1) 61.677 ms 61.589 ms 61.410 ms
7 209.200.184.34 (209.200.184.34) 61.789 ms 62.128 ms 62.365 ms
8 209.200.186.74 (209.200.186.74) 66.361 ms 67.120 ms 66.430 ms
9 ip-208-109-112-202.ip.secureserver.net (208.109.112.202) 66.421 ms 66.402
ms 66.424 ms
10 ip-216-69-188-85.ip.secureserver.net (216.69.188.85) 66.669 ms 66.474 ms
66.672 ms
11 ip-208-109-112-1.ip.secureserver.net (208.109.112.1) 66.654 ms 66.549 ms
66.331 ms
12 *
ip-208-109-112-1.ip.secureserver.net (208.109.112.1) 66.401 ms !X *
13 *
ip-208-109-112-1.ip.secureserver.net (208.109.112.1) 66.333 ms !X *

(coffee != sleep) & (!coffee == sleep)
Donald.Smith at qwest.com gcia
________________________________
From: nsp-security-bounces at puck.nether.net [nsp-security-bounces at puck.nether.net] On Behalf Of Greg Schwimer [gschwimer at godaddy.com]
Sent: Saturday, November 07, 2009 10:31 AM
To: nsp-security at puck.nether.net
Subject: [nsp-sec] 9.5+ Gbps of love - any assistance appreciated

----------- nsp-security Confidential --------

Qwest - I believe this has impacted you guys as well.


It's been on and off for the last few days. I don't have a list of IPs
for this most recent occurrence yet but if anyone sees anything that is
helpful I'd be very appreciative.

Victim: 72.167.232.69

History:

The last attack data showed the source was primarily from AS4134. I'm
not sure this is the case this time but wouldn't be surprised. I'll
post source data as soon as I get it.



Greg Schwimer
GoDaddy.com
gschwimer at godaddy.com



_______________________________________________
nsp-security mailing list
nsp-security at puck.nether.net
https://puck.nether.net/mailman/listinfo/nsp-security

Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
community. Confidentiality is essential for effective Internet security counter-measures.
_______________________________________________


________________________________
This communication is the property of Qwest and may contain confidential or
privileged information. Unauthorized use of this communication is strictly
prohibited and may be unlawful. If you have received this communication
in error, please immediately notify the sender by reply e-mail and destroy
all copies of the communication and any attachments.

________________________________
This communication is the property of Qwest and may contain confidential or
privileged information. Unauthorized use of this communication is strictly
prohibited and may be unlawful. If you have received this communication
in error, please immediately notify the sender by reply e-mail and destroy
all copies of the communication and any attachments.

More information about the nsp-security mailing list