Do you have or can you get RTBH set up with UCSD? So from the 44net gateway
box you can announce problematic /32s or larger with a black hole community
e.g. :666, which they then null route on their borders? Also that they then
propagate to their upstreams.

This is a very common simple setup. If today the 44net space is static
routed from UCSD to the gateway box then you could still do private BGP
with them in which only the blackhole prefixes are announced, leaving the
static in place for the covering routes.

On Mon, 27 Sep 2021 at 22:12, Chris Smith via 44Net <44net(a)mailman.ampr.org>
wrote:
There has been a plan in place to upgrade the link to 10Gb/s for nearly a
year, there were two attempts at upgrading which failed due to the new link
not working, but UCSD have now identified the issue and the upgrade has
been expedited and, all being well, it will be upgraded within the next
week or two.
Of course that just means the next DDOS will be hitting the gateway much
harder, but at least we will have some decent headroom under normal
circumstances.
73,
Chris - G1FEF
On 27 Sep 2021, at 09:20, Tim de Boer via 44Net <44net(a)mailman.ampr.org>
wrote:
I agree with Rob! Normally you should start upgrading the connection if the
average reaches 50% of its capacity
--
Tim (PH4T)
On Mon, 27 Sept 2021 at 10:03, Rob PE1CHL via 44Net <44net(a)mailman.ampr.org>
wrote:
> Yes it would be worthwhile to research (with the IP address as information)
> what could be the reason behind this. Assuming it was not 44.0.0.1 but some
> amateur's IP, it could be some retaliation against that person and they may
> be able to identify a likely source and legal action may be possible.
>
> Aside from that, I think there is too little headroom on this connection
> and it needs to be upgraded to 10Gbit or some teamed 1Gbit links when that
> is more practical.
> The background noise already takes up 650Mbit/s of the 1Gbit/s available...
Rob
On 9/27/21 9:33 AM, Marius Petrescu via 44Net wrote:
Tnx. Chris for the update.
I'm still wondering what the goal of such an attack is...
On 27/09/2021 10:30, Chris Smith via 44Net wrote:
> So, it was a TCP port 80 attack directed against one IP address.
>
> I passed this on to my contacts at CAIDA who passed it onto the UCSD NOC
> who have got the IP blocked.
>
> The traffic has now returned to normal.
>
> Chris - G1FEF
>
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
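
The RTBH arrangement proposed in the first message of this thread (a private BGP session carrying only blackhole-tagged prefixes, with the covering static route left in place) implies an import policy on the receiving side. The sketch below is an added example, not code from any list member, 44Net or UCSD; the community value 65535:666 (RFC 7999 BLACKHOLE), the documentation prefixes and the /28 length limit are assumptions.

```python
import ipaddress

# Assumptions (not from the thread): the RFC 7999 BLACKHOLE community, a
# documentation prefix standing in for the statically routed space, and a
# length limit so one announcement cannot null-route the whole block.
BLACKHOLE = (65535, 666)
COVERING = [ipaddress.ip_network("198.51.100.0/24")]  # constructed placeholder
MIN_LEN = 28


def evaluate(prefix, communities, covering=COVERING, min_len=MIN_LEN):
    """Return (action, reason) for one announcement on the blackhole-only session."""
    try:
        net = ipaddress.ip_network(prefix, strict=True)
    except ValueError as exc:
        return ("reject", f"malformed prefix: {exc}")
    if BLACKHOLE not in communities:
        return ("reject", "no blackhole community on a blackhole-only session")
    parent = next((c for c in covering
                   if c.version == net.version and net.subnet_of(c)), None)
    if parent is None:
        return ("reject", "outside the space routed to this gateway")
    if net.prefixlen < min_len:
        return ("reject", f"/{net.prefixlen} is shorter than /{min_len}")
    return ("blackhole", f"null-route {net}; {parent} stays statically routed")


def null_routes(announcements, **kw):
    """Collapse the accepted announcements into a minimal set of discard routes."""
    accepted = [ipaddress.ip_network(p) for p, c in announcements
                if evaluate(p, c, **kw)[0] == "blackhole"]
    return [str(n) for n in ipaddress.collapse_addresses(accepted)]


# Constructed sample announcements: (prefix, communities)
SAMPLE = [
    ("198.51.100.7/32", [BLACKHOLE]),     # attacked host: accepted
    ("198.51.100.6/32", [BLACKHOLE]),     # neighbour: collapses with .7 into a /31
    ("198.51.100.0/24", [BLACKHOLE]),     # whole block: too short, rejected
    ("198.51.100.9/32", [(64512, 100)]),  # missing community: rejected
    ("203.0.113.5/32", [BLACKHOLE]),      # not the gateway's space: rejected
    ("198.51.100.7/24", [BLACKHOLE]),     # host bits set: malformed
]

if __name__ == "__main__":
    for prefix, comms in SAMPLE:
        print(prefix, *evaluate(prefix, comms))
    print(null_routes(SAMPLE))
```

The two rejections that matter most are the untagged route and the out-of-space route: a session that accepted either would let the blackhole channel alter normal routing or drop traffic for addresses the gateway does not own.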