[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [OCCAID] IPv6 DDoS (Boston, MA)

To: James <james@towardex.com>
Subject: Re: [OCCAID] IPv6 DDoS (Boston, MA)
From: "Scott J. Clifford" <clifford@cnacs.occaid.org>
Date: Mon, 4 Oct 2004 14:58:37 -0400
Cc: occaid@cnacs.occaid.org
Delivered-to: carton@castrovalva.ivy.net
Delivered-to: carton@ivy.net
Delivered-to: occaid@mx01.bos.ma.towardex.com
In-reply-to: <20041004001644.GA44149@scylla.towardex.com>
List-archive: <http://mailman.twdx.net/pipermail/occaid>
List-help: <mailto:occaid-request@cnacs.occaid.org?subject=help>
List-id: <occaid.cnacs.occaid.org>
List-post: <mailto:occaid@cnacs.occaid.org>
List-subscribe: <http://mailman.twdx.net/mailman/listinfo/occaid>, <mailto:occaid-request@cnacs.occaid.org?subject=subscribe>
List-unsubscribe: <http://mailman.twdx.net/mailman/listinfo/occaid>, <mailto:occaid-request@cnacs.occaid.org?subject=unsubscribe>
References: <20041004000139.GA84800@scylla.towardex.com> <20041004001644.GA44149@scylla.towardex.com>
Resent-date: Mon, 4 Oct 2004 16:16:07 -0600
Resent-from: carton@sakima.Ivy.NET
Resent-message-id: <20041004221607.46D022FF58@sakima.Ivy.NET>
Resent-to: carton@castrovalva.ivy.net
Sender: occaid-bounces@cnacs.occaid.org
User-agent: Mutt/1.4.1i
Xref: castrovalva.Ivy.NET mail.list.occaid:88

Looks like it peaked at 32.7Mbps to Boston. Good thing we have diverse peerings
and diverse geographic network of core routers which distributed the flood.

With more & more abuse we see in IPv6 world lately I think there is a need for
more advanced IPv6 stack that can compete with the abuse levels like in IPv4.
We need things like unicast reverse path forwarding for IPv6, receive path ACL
for IPv6 and so on and so forth to preemptively protect our routers before they
become abused.

My two cents... 

Scott.

On Sun, Oct 03, 2004 at 08:16:45PM -0400, James wrote:
> On Sun, Oct 03, 2004 at 08:01:39PM -0400, James wrote:
> > We're currently experiencing a fairly moderate IPv6 based DDoS destined to
> > 3ffe:401d:2004::2 out in Boston (currently 15 to 20Mbps). This is rather first
> > time we are seeing a sophisticated distributed attack.
> > 
> > The destination victim address in question has been null-routed temporarily.
> > Thanks,
> 
> The situation is now back under control. Thanks to 30071:666 community bit, it
> was fairly easy to get the attack locked down at all borders of the network in
> just a few minutes.
> 
> The victim of the attack has been notified appropriately.
> 
> Thanks,
> -J
> 
> -- 
> James Jun                                            TowardEX Technologies, Inc.
> Technical Lead                        Network Design, Consulting, IT Outsourcing
> james@towardex.com                  Boston-based Colocation & Bandwidth Services
> cell: 1(978)-394-2867           web: http://www.towardex.com , noc: www.twdx.net
> _______________________________________________
> Occaid mailing list
> Occaid@cnacs.occaid.org
> http://mailman.twdx.net/mailman/listinfo/occaid
_______________________________________________
Occaid mailing list
Occaid@cnacs.occaid.org
http://mailman.twdx.net/mailman/listinfo/occaid

Follow-Ups:
- Re: [OCCAID] IPv6 DDoS (Boston, MA)
  - From: James <james@towardex.com>

References:
- [OCCAID] IPv6 DDoS (Boston, MA)
  - From: James <james@towardex.com>
- Re: [OCCAID] IPv6 DDoS (Boston, MA)
  - From: James <james@towardex.com>

Prev by Date: Re: [OCCAID] IPv6 DDoS (Boston, MA)
Next by Date: Re: [OCCAID] IPv6 DDoS (Boston, MA)
Previous by thread: Re: [OCCAID] IPv6 DDoS (Boston, MA)
Next by thread: Re: [OCCAID] IPv6 DDoS (Boston, MA)
Index(es):
- Date
- Thread