[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[OCCAID] IPv6 DDoS (Boston, MA)

To: occaid@cnacs.occaid.org
Subject: [OCCAID] IPv6 DDoS (Boston, MA)
From: James <james@towardex.com>
Date: Sun, 3 Oct 2004 20:01:39 -0400
Delivered-to: carton@castrovalva.Ivy.NET
Delivered-to: carton@ivy.net
Delivered-to: occaid@mx01.bos.ma.towardex.com
List-archive: <http://mailman.twdx.net/pipermail/occaid>
List-help: <mailto:occaid-request@cnacs.occaid.org?subject=help>
List-id: <occaid.cnacs.occaid.org>
List-post: <mailto:occaid@cnacs.occaid.org>
List-subscribe: <http://mailman.twdx.net/mailman/listinfo/occaid>, <mailto:occaid-request@cnacs.occaid.org?subject=subscribe>
List-unsubscribe: <http://mailman.twdx.net/mailman/listinfo/occaid>, <mailto:occaid-request@cnacs.occaid.org?subject=unsubscribe>
Sender: occaid-bounces@cnacs.occaid.org
User-agent: Mutt/1.4.1i
Xref: castrovalva.Ivy.NET mail.list.occaid:83

We're currently experiencing a fairly moderate IPv6 based DDoS destined to
3ffe:401d:2004::2 out in Boston (currently 15 to 20Mbps). This is rather first
time we are seeing a sophisticated distributed attack.

The destination victim address in question has been null-routed temporarily.
Thanks,
-J

19:14:37.286554 204.152.184.210 > 65.124.20.41: 2002:da0c:8b93::da0c:8b93 > 3ffe:401d:2004::2: frag (33264|1232)
19:14:37.286580 65.124.20.41 > 69.164.103.201: 2002:da0c:ec81::da0c:ec81 > 3ffe:401d:2004::2: frag (17248|1232)
19:14:37.286692 65.124.20.41 > 69.164.103.201: 2002:da0c:8b93::da0c:8b93 > 3ffe:401d:2004::2: frag (32032|1232)
19:14:37.287044 65.124.20.41 > 69.164.103.201: 2002:da0c:8b93::da0c:8b93 > 3ffe:401d:2004::2: frag (33264|1232)
19:14:37.287058 204.152.184.210 > 65.124.20.41: 2002:ddc3:44b::ddc3:44b > 3ffe:401d:2004::2: frag (50512|1232)
19:14:37.287367 204.152.184.210 > 65.124.20.41: 2002:da0c:8b93::da0c:8b93 > 3ffe:401d:2004::2: frag (34496|1232)
19:14:37.287554 65.124.20.41 > 69.164.103.201: 2002:ddc3:44b::ddc3:44b > 3ffe:401d:2004::2: frag (50512|1232)
19:14:37.287845 65.124.20.41 > 69.164.103.201: 2002:da0c:8b93::da0c:8b93 > 3ffe:401d:2004::2: frag (34496|1232)
19:14:37.287882 204.152.184.210 > 65.124.20.41: 2002:da0c:8b93::da0c:8b93 > 3ffe:401d:2004::2: frag (35728|1232)
19:14:37.288351 204.152.184.210 > 65.124.20.41: 2002:da0c:8b93::da0c:8b93 > 3ffe:401d:2004::2: frag (36960|1232)
19:14:37.288362 65.124.20.41 > 69.164.103.201: 2002:da0c:8b93::da0c:8b93 > 3ffe:401d:2004::2: frag (35728|1232)
19:14:37.288496 204.152.184.210 > 65.124.20.41: 2002:3d34:4eab::3d34:4eab > 3ffe:401d:2004::2: frag (28336|1232)
19:14:37.288839 65.124.20.41 > 69.164.103.201: 2002:da0c:8b93::da0c:8b93 > 3ffe:401d:2004::2: frag (36960|1232)
19:14:37.288950 204.152.184.210 > 65.124.20.41: 2002:da0c:8b93::da0c:8b93 > 3ffe:401d:2004::2: frag (38192|1232)
19:14:37.288999 65.124.20.41 > 69.164.103.201: 2002:3d34:4eab::3d34:4eab > 3ffe:401d:2004::2: frag (28336|1232)
19:14:37.289192 204.152.184.210 > 65.124.20.41: 2002:da0c:8b93::da0c:8b93 > 3ffe:401d:2004::2: frag (39424|1232)
19:14:37.289441 65.124.20.41 > 69.164.103.201: 2002:da0c:8b93::da0c:8b93 > 3ffe:401d:2004::2: frag (38192|1232)
19:14:37.289453 204.152.184.210 > 65.124.20.41: 2002:da0c:8b93::da0c:8b93 > 3ffe:401d:2004::2: frag (40656|1232)
19:14:37.289574 204.152.184.210 > 65.124.20.41: 2002:da1b:d7f3::da1b:d7f3 > 3ffe:401d:2004::2: frag (33264|1232)
19:14:37.289694 204.152.184.210 > 65.124.20.41: 2002:da0c:8b93::da0c:8b93 > 3ffe:401d:2004::2: frag (41888|1232)
19:14:37.289702 65.124.20.41 > 69.164.103.201: 2002:da0c:8b93::da0c:8b93 > 3ffe:401d:2004::2: frag (39424|1232)
19:14:37.289900 204.152.184.210 > 65.124.20.41: 2002:3d34:7e03::3d34:7e03 > 3ffe:401d:2004::2: frag (34496|1232)
19:14:37.289945 65.124.20.41 > 69.164.103.201: 2002:da0c:8b93::da0c:8b93 > 3ffe:401d:2004::2: frag (40656|1232)
19:14:37.290084 65.124.20.41 > 69.164.103.201: 2002:da1b:d7f3::da1b:d7f3 > 3ffe:401d:2004::2: frag (33264|1232)
19:14:37.290124 204.152.184.210 > 65.124.20.41: 2002:da0c:8b93::da0c:8b93 > 3ffe:401d:2004::2: frag (43120|1232)
19:14:37.290189 65.124.20.41 > 69.164.103.201: 2002:da0c:8b93::da0c:8b93 > 3ffe:401d:2004::2: frag (41888|1232)
19:14:37.290387 65.124.20.41 > 69.164.103.201: 2002:3d34:7e03::3d34:7e03 > 3ffe:401d:2004::2: frag (34496|1232)
19:14:37.290610 65.124.20.41 > 69.164.103.201: 2002:da0c:8b93::da0c:8b93 > 3ffe:401d:2004::2: frag (43120|1232)
19:14:37.290639 204.152.184.210 > 65.124.20.41: 2002:de89:3f53::de89:3f53 > 3ffe:401d:2004::2: frag (51744|1232)
19:14:37.290768 204.152.184.210 > 65.124.20.41: 2002:da0c:8b93::da0c:8b93 > 3ffe:401d:2004::2: frag (44352|1232)
19:14:37.290887 204.152.184.210 > 65.124.20.41: 2002:dae8:1658::dae8:1658 > 3ffe:401d:2004::2: frag (50512|1232)
19:14:37.291149 65.124.20.41 > 69.164.103.201: 2002:de89:3f53::de89:3f53 > 3ffe:401d:2004::2: frag (51744|1232)
19:14:37.291259 65.124.20.41 > 69.164.103.201: 2002:da0c:8b93::da0c:8b93 > 3ffe:401d:2004::2: frag (44352|1232)
19:14:37.291367 65.124.20.41 > 69.164.103.201: 2002:dae8:1658::dae8:1658 > 3ffe:401d:2004::2: frag (50512|1232)
19:14:37.291429 204.152.184.210 > 65.124.20.41: 2002:da0c:8b93::da0c:8b93 > 3ffe:401d:2004::2: frag (45584|1232)

-- 
James Jun                                            TowardEX Technologies, Inc.
Technical Lead                        Network Design, Consulting, IT Outsourcing
james@towardex.com                  Boston-based Colocation & Bandwidth Services
cell: 1(978)-394-2867           web: http://www.towardex.com , noc: www.twdx.net
_______________________________________________
Occaid mailing list
Occaid@cnacs.occaid.org
http://mailman.twdx.net/mailman/listinfo/occaid

Follow-Ups:
- Re: [OCCAID] IPv6 DDoS (Boston, MA)
  - From: James <james@towardex.com>

Prev by Date: [OCCAID] Endpoint Update
Next by Date: Re: [OCCAID] IPv6 DDoS (Boston, MA)
Previous by thread: [OCCAID] IPv6 Maintenance at South east areas
Next by thread: Re: [OCCAID] IPv6 DDoS (Boston, MA)
Index(es):
- Date
- Thread