So, it was a TCP port 80 attack directed against one IP address.
I passed this on to my contacts at CAIDA who passed it on to the UCSD NOC who have got the
IP blocked.
The traffic has now returned to normal.
Chris - G1FEF
On 27 Sep 2021, at 07:25, Ruben ON3RVH via 44Net
<44net(a)mailman.ampr.org> wrote:
Marius,
If you filter it upstream (meaning filter it at the transit border level) it would not
saturate the public interface anymore as it would not reach the transit pipe anymore.
73
Ruben ON3RVH
-----Original Message-----
From: 44Net <44net-bounces+on3rvh=on3rvh.be(a)mailman.ampr.org> On Behalf Of Marius
Petrescu via 44Net
Sent: Monday, September 27, 2021 08:18
To: 44Net general discussion <44net(a)mailman.ampr.org>
Cc: Marius Petrescu <marius(a)yo2loj.ro>
Subject: Re: [44net] Sustained DDOS attack
And how would that help?
It won't make the bandwidth available, the packets would still saturate the public
interface.
On 27/09/2021 09:15, Borja Marcos via 44Net wrote:
On 25 Sep 2021, at 10:40, Chris Smith via 44Net
<44net(a)mailman.ampr.org> wrote:
FYI
The gateway machine at UCSD has been under a sustained DDOS attack now for over 24 hours,
so if anyone is seeing heavy packet loss through the gateway, that’s why. The 1Gb/s
interface is max’d out. You can view the interface stats here:
http://mrtg.portal.ampr.org Seems to be a DNS DDoS.
Can’t you filter upstream? Let me know if you need assistance.
Borja - EA2EKH
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net