Re: [44net] storm blocking

On 5/10/17 12:40 AM, Brian Kantor wrote:

The DDoS attack on net 44 continues. I'm filtering out a goodly amount of it at amprgw, but the people whose subnets are directly connected (BGP announced) are getting hit too, and there's nothing I can do to filter it out here. Basically, if you're directly connected (ie, not on a tunnel), you have to add a list of bad guys to your own firewall blocking.

I'm not seeing anything out of the ordinary on any of our blocks here in the bay area.

Seeing about ~1kpps here on our upstream and we have several "high traffic" voip hubs on here.

We did have a user leave a radio with default passwords on it the other day. Luckily someone on the internet was able to change this for him.