[nsp-sec] comcast?
jim deleskie
deleskie at gmail.com
Tue Dec 20 21:18:41 EST 2011
+1 for having seen the same type/size/src recently toward a cust,
On Tue, Dec 20, 2011 at 10:11 PM, Chris Morrow <morrowc at ops-netman.net> wrote:
> ----------- nsp-security Confidential --------
>
>
>
>
> On 12/20/2011 08:13 PM, Wim Biemolt wrote:
>>
>> ----------- nsp-security Confidential --------
>>
>> Hi,
>>
>> Seems I'm suffering from a > 15Gbps DDoS (UDP/161 traffic).
>> According to our flows it is coming from AS 7922 (comcast).
>>
>>> proto UDP and port 161
>>> Top 2 AS ordered by flows:
>>> Date first seen Duration Proto AS Flows(%) Packets(%) Bytes(%) pps bps bpp
>>> 2011-12-20 23:39:49.910 1779.610 any 1101 16.1 M(99.9) 1.6 G(99.9) 2.4 T(100.0) 904626 2.1 G 1478
>>> 2011-12-20 23:39:54.810 1774.710 any 7922 15.5 M(96.3) 1.6 G(96.2) 2.3 T( 96.7) 874011 1.8 G 1484
>>
>>
>> Currently we are coping however it would be nice if it could
>> be stopped. The target most likely is a spamhaus mirror/server.
>
>
> guessing this is more snmp reflective dos... and like CPE/modems bouncing
> back 'sys.Descr.0' or the like :(
>
> would be interesting to get some idea of WHAT it is from and perhaps see if
> Comcast can put a clamp on it for everyone, since this is hitting more than
> you (spamhaus and cymru and a few others reported same sorts of incidents
> over the last 2-3 months)
>
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security
> counter-measures.
> _______________________________________________