[nsp-sec] AS4134 - helo captain synflooder?
Chris Morrow
morrowc at ops-netman.net
Tue Nov 30 14:50:14 EST 2010
Hello,
Hopefully someone on-list has a decent contact (or perhaps is with?)
Chinanet/cndata.com (AS4134)? We've seen an increasingly frequent
SynFlood type of attack passing through AS4134 to AS15169 over the last
few weeks, 3x today. Most of them are in the +400kpps range of attack
size, some have been over 1mpps.
Today's victim ip was: 66.249.89.104
Looking at the traffic we sampled, a good bit of it seems to actually be
a fairly widely spoofed source attack. Does Chinanet ingress filter its
customers? (any of them really) and/or can Chinanet trace the traffic
(now, via graphs or other such data) to a source interface(s)? It looks,
to me, like the attacks today were at:
o 0245 PST || 1045 UTC 11/30/2010
o 0750 PST || 1550 UTC 11/30/2010
o 0830 PST || 1630 UTC 11/30/2010
Thanks!
-Chris