27 Sep
2021
27 Sep
'21
2:20 a.m.
Have to admit, I was a little confused to see anything under an attack for
over 24 hours.. All of our upstreams support blackhole communities, and
realtime mitigation. We’re constantly having them soak upwards of 80Gbits
of DDoS at any time. Any single IP that ends up with > 20gbps of DDoS
pointed at it, ends up with a /32 blackhole announced to all peers, and
that traffic just goes away.
Why is UCSD’s upstream not washing the DDoS? (And why is UCSD not
identifying the target and blackholing it upstream?)
Cheers,
DG
On Mon, 27 Sep 2021 at 4:17 pm, Borja Marcos via 44Net <
44net(a)mailman.ampr.org> wrote:
On 25 Sep 2021, at 10:40, Chris Smith via 44Net
<44net(a)mailman.ampr.org>
wrote:
FYI
The gateway machine at UCSD has been under a sustained DDOS attack now
for over 24
hours, so if anyone is seeing heavy packet loss through the
gateway, that’s why. The 1Gb/s interface is max’d out. You can view the
interface stats here:
Seems to be a DNS DDoS.
Can’t you filter upstream? Let me know if you need assistance.
Borja - EA2EKH
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net