[nsp-sec] AS5430 under attack -- assistance needed

Patrick Rother krd at mcbone.net
Thu Jul 19 14:39:54 EDT 2012


On Thu, Jul 19, 2012 at 08:37:21PM +0200, sthaug at nethelp.no wrote:
> > > Spoofed source DNS-based amplification attacks are all the rage at the
> > > moment, presumably because they give a lot of "bang for the buck", with
> > > amplification factors in the 10 to 100 range.
> > > 
> > > Since they are based on spoofed sources (the IP addresses of the victim
> > > hosts in your AS), you either need to block the attack traffic on your
> > > borders, or get the upstream providers to block it. I recommend opening
> > > tickets with your upstream providers ASAP.
> > 
> > Ok, thank you.
> > 
> > So there isn't a list of open resolvers I could drop source packets
> > from, or a BGP server publishing such a list?
> 
> Cymru publishes per-AS lists of open resolvers. Whether that will help
> you right now - well, that depends. Would you be able to sink the extra
> traffic if you knew the IP addresses of the open resolvers? Take into
> consideration that there are thousands of these open resolvers...

Probably this would now work for the amount of open resolvers.

Ok, thank you for your help!


-- 
freenet Datenkommunikations GmbH, Willstätterstraße 13, D-40549 Düsseldorf
A company of freenet AG
Managing Directors: Stephan Esch, Nicolas Tetau
Hamburg District Court, HRB 88147