[AusNOG] Traffic from Optus and Telstra CPE addresses
Russell Langton
russell3901 at gmail.com
Tue Mar 4 15:35:24 EST 2014
Hi Joshua,
They both look like CPE addresses.
I think the first step would be to take traffic captures to confirm what
kind of attack it is (ntp/snmp/dns/chargen) and then implement protections
on your border to stop it impacting your customers/s.
If you can't implement protections, then at least with the packet captures
can you approach the providers to maybe contact the customers to fix their
problems, but this opens another can-o-worms.
On Tue, Mar 4, 2014 at 3:12 PM, Joshua Riesenweber <
joshua.riesenweber at outlook.com> wrote:
> G'day 'noggers,
>
>
> I had a customer hit with what looks like a DoS attack from (mainly) a
> couple of addresses address last night:
> *220.239.56.245* [c220-239-56-245.eburwd6.vic.optusnet.com.au]
> *121.214.8.170* [cpe-121-214-8-170.lnse3.win.bigpond.net.au]
>
> Any tips on tracking this kind of thing down/getting more information?
> (mainly for reporting)
> I'm guessing by the PTR that second address is a customer endpoint, not
> Telstra equipment.
>
>
>
>
> Cheers,
> Josh
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20140304/91675963/attachment.html>
More information about the AusNOG
mailing list