[AusNOG] Routing issues with IINet and Telstra to www.optionsxpress.com.au

James Braunegg james.braunegg at micron21.com
Tue Jan 14 11:42:09 EST 2014 

Dear All

I found a very sexy stats page if you're interested about prolexic services

http://www.prolexic.com/plxpatrol/index.html

Very interesting to see the attack type break down over the last 30 days / all time for those like me who love network security ;-)

Kindest Regards

James Braunegg
P:  1300 769 972  |  M:  0488 997 207 |  D:  (03) 9751 7616
E:   james.braunegg at micron21.com<mailto:james.braunegg at micron21.com>  |  ABN:  12 109 977 666
W:  www.micron21.com/ddos-protection<http://www.micron21.com/ddos-protection>   T: @micron21


[Description: Description: Description: Description: M21.jpg]
This message is intended for the addressee named above. It may contain privileged or confidential information. If you are not the intended recipient of this message you must not use, copy, distribute or disclose it to anyone other than the addressee. If you have received this message in error please return the message to the sender by replying to it and then delete the message from your computer.

From: AusNOG [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of James Braunegg
Sent: Tuesday, January 14, 2014 11:34 AM
To: Mark Tees; Frank Lin
Cc: ausnog at lists.ausnog.net
Subject: Re: [AusNOG] Routing issues with IINet and Telstra to www.optionsxpress.com.au


Dear All



This is normal behavior routing traffic via AS32787  - Prolexic Technologies



The second last hop on each trace 209.200.136.34 is the scrubbing center which then provides a GRE tunnel back to the original network



Kindest Regards


James Braunegg
P:  1300 769 972  |  M:  0488 997 207 |  D:  (03) 9751 7616
E:   james.braunegg at micron21.com<mailto:james.braunegg at micron21.com>  |  ABN:  12 109 977 666
W:  www.micron21.com/ip-transit<http://www.micron21.com/ip-transit>   T: @micron21


[Description: Description: Description: Description: M21.jpg]
This message is intended for the addressee named above. It may contain privileged or confidential information. If you are not the intended recipient of this message you must not use, copy, distribute or disclose it to anyone other than the addressee. If you have received this message in error please return the message to the sender by replying to it and then delete the message from your computer.

-----Original Message-----
From: AusNOG [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Mark Tees
Sent: Tuesday, January 14, 2014 11:04 AM
To: Frank Lin
Cc: ausnog at lists.ausnog.net
Subject: Re: [AusNOG] Routing issues with IINet and Telstra to www.optionsxpress.com.au



Judging from other posts the destination network is probably receiving  DDOS traffic at present.



The funny looking routes towards the host are attempts at guiding traffic in through certain routes for scrubbing/mitigation.



Given there is a Prolexic hop mentioned there things will hopefully come under control soon :)



On 14 Jan 2014, at 10:45 am, Frank Lin <TwinMonkeys.Enterprises at gmail.com<mailto:TwinMonkeys.Enterprises at gmail.com>> wrote:



> Hi Noggers,

>

> I am seeing some routing issues to www.optionsxpress.com.au<http://www.optionsxpress.com.au> especially from IInet and Telstra.

>

> Are you able confirm?

>

> Thanks

> Frank

>

> IInet route:

> traceroute www.optionsxpress.com.au<http://www.optionsxpress.com.au>

> Tracing the route to www.wip.optionsxpress.com.au<http://www.wip.optionsxpress.com.au> (114.141.73.68)

>

>   1 gi0-18.syd-ult-svc1.iinet.net.au (203.215.16.47) [AS 4802] 4 msec 4 msec 0 msec

>   2 gi2-7.syd-ult-bdr2.iinet.net.au (203.215.16.7) [AS 4802] 0 msec 0 msec 0 msec

>   3 po3-100.syd-ult-bdr1.on.ii.net (203.215.20.146) [AS 4802] [MPLS: Label 376 Exp 0] 0 msec 4 msec 0 msec

>   4 ae2.syd-ult-core1.on.ii.net (203.215.20.30) [AS 4802] 0 msec 0 msec 0 msec

>   5 xe-7-0-10-10.br1.syd7.on.ii.net (150.101.33.112) [AS 4739] 0 msec 0 msec 0 msec

>   6 ae0.br1.syd4.on.ii.net (150.101.33.14) [AS 4739] [MPLS: Label 319984 Exp 0] 0 msec 24 msec 32 msec

>   7 te0-2-0.bdr1.hkg2.on.ii.net (150.101.33.199) [AS 4739] 112 msec 112 msec 112 msec

>   8  *  *  *

>   9  *  *  *

>  10  *  *  *

>  11  *  *  *

>  12  *  *  *

>  13  *  *  *

>  14  *  *  *

>  15  *  *  *

>  16  *  *  *

>  17  *  *  *

>  18  *  *  *

>  19  *  *  *

>  20  *  *  *

>  21  *  *  *

>  22  *  *  *

>  23  *  *  *

>  24  *  *  *

>  25  *  *  *

>  26  *

>     114.141.73.68 [AS 32787] 204 msec *

>

>

> Telstra route (not even close):

> 1  gigabitethernet3-3.exi1.melbourne.telstra.net (203.50.77.49)  0.310 ms  0.280 ms  0.243 ms

>  2  bundle-ether3.exi-core1.melbourne.telstra.net (203.50.80.1)  0.869 ms  3.298 ms  4.117 ms

>  3  bundle-ether12.chw-core2.sydney.telstra.net (203.50.11.74)  16.486 ms  15.417 ms  15.985 ms

>  4  bundle-ether1.oxf-gw2.sydney.telstra.net (203.50.6.90)  17.734 ms  17.166 ms  15.985 ms

>  5  203.50.9.42 (203.50.9.42)  19.234 ms  19.417 ms  15.986 ms

>  6  i-0-2-0-5.sydo-core02.bi.telstraglobal.net (202.84.223.42)  16.484 ms  19.289 ms  15.986 ms

>  7  i-0-2-0-5.1wlt-core01.bx.telstraglobal.net (202.84.140.202)  160.775 ms

>     i-0-2-0-1.1wlt-core01.bx.telstraglobal.net (202.84.249.50)  158.460 ms

>     i-0-2-0-8.1wlt-core01.bx.telstraglobal.net (202.84.143.154)  161.086 ms

>  8  i-0-4-0-0.eqla01.bi.telstraglobal.net (202.84.251.174)  158.710 ms

>     i-0-4-0-2.eqla01.bi.telstraglobal.net (202.40.149.242)  158.210 ms

>     i-0-4-0-0.eqla01.bi.telstraglobal.net (202.84.251.174)  157.463 ms

>  9  *

>

> TPG route (good):

>   1 syd-sot-ken-crs1-Te-0-4-0-1.tpgi.com.au (203.29.135.42) 0 msec 8 msec 8 msec

>   2 203-26-22-113.static.tpgi.com.au (203.26.22.113) [MPLS: Label 21 Exp 0] 0 msec 0 msec 0 msec

>   3 202.7.171.229 4 msec 0 msec 4 msec

>   4 prolexic-10G.hkix.net (202.40.161.26) 116 msec 112 msec 116 msec

>   5 209.200.136.34 [AS 32787] 112 msec 116 msec 112 msec

>   6 www.wip.optionsxpress.com.au<http://www.wip.optionsxpress.com.au> (114.141.73.67) [AS 32787] 116 msec 112 msec 112 msec

>

>

>

> _______________________________________________

> AusNOG mailing list

> AusNOG at lists.ausnog.net<mailto:AusNOG at lists.ausnog.net>

> http://lists.ausnog.net/mailman/listinfo/ausnog



_______________________________________________

AusNOG mailing list

AusNOG at lists.ausnog.net<mailto:AusNOG at lists.ausnog.net>

http://lists.ausnog.net/mailman/listinfo/ausnog
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20140114/84adcab1/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 2683 bytes
Desc: image001.jpg
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20140114/84adcab1/attachment.jpg>

More information about the AusNOG mailing list