[nsp-sec] comcast?
Wim Biemolt
Wim.Biemolt at surfnet.nl
Tue Dec 20 20:13:48 EST 2011
Hi,
Seems I'm suffering from a > 15Gbps DDoS (UDP/161 traffic).
According to our flows it is coming from AS 7922 (Comcast).
> proto UDP and port 161
> Top 2 AS ordered by flows:
> Date first seen Duration Proto AS Flows(%) Packets(%) Bytes(%) pps bps bpp
> 2011-12-20 23:39:49.910 1779.610 any 1101 16.1 M(99.9) 1.6 G(99.9) 2.4 T(100.0) 904626 2.1 G 1478
> 2011-12-20 23:39:54.810 1774.710 any 7922 15.5 M(96.3) 1.6 G(96.2) 2.3 T( 96.7) 874011 1.8 G 1484
Currently we are coping; however, it would be nice if it could
be stopped. The target most likely is a Spamhaus mirror/server.
Cheers,
-Wim -/- SURFnet