Have to admit, I was a little confused to see anything under an attack for over 24 hours. All of our upstreams support blackhole communities and realtime mitigation. We’re constantly having them soak upwards of 80 Gbits of DDoS at any time. Any single IP that ends up with > 20 Gbps of DDoS pointed at it ends up with a /32 blackhole announced to all peers, and that traffic just goes away.
Why is UCSD’s upstream not washing the DDoS? (And why is UCSD not identifying the target and blackholing it upstream?)
Cheers,
DG
On Mon, 27 Sep 2021 at 4:17 pm, Borja Marcos via 44Net <44net@mailman.ampr.org> wrote:
On 25 Sep 2021, at 10:40, Chris Smith via 44Net <44net@mailman.ampr.org> wrote:
FYI
The gateway machine at UCSD has been under a sustained DDOS attack now for over 24 hours, so if anyone is seeing heavy packet loss through the gateway, that’s why. The 1Gb/s interface is max’d out. You can view the interface stats here:
Seems to be a DNS DDoS.
Can’t you filter upstream? Let me know if you need assistance.
Borja - EA2EKH
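The threshold-triggered /32 blackhole described in the top reply, sketched as an added example that is not part of the thread or any poster's tooling. The `RtbhController` class, the three-interval hold-down, and the sample addresses (documentation range 192.0.2.0/24) are assumptions; the 20 Gbps trigger is from the message and 65535:666 is the well-known BLACKHOLE community from RFC 7999.

```python
import ipaddress
from dataclasses import dataclass, field

BLACKHOLE_COMMUNITY = "65535:666"  # well-known BLACKHOLE community, RFC 7999
THRESHOLD_BPS = 20e9               # the "> 20 Gbps" trigger from the message
QUIET_INTERVALS = 3                # assumption: hold-down before withdrawing


@dataclass
class RtbhController:  # hypothetical name, for illustration only
    threshold_bps: float = THRESHOLD_BPS
    quiet_intervals: int = QUIET_INTERVALS
    active: dict = field(default_factory=dict)  # target IP -> quiet intervals seen

    def update(self, rates_bps):
        """Take one interval of per-destination inbound rates (bits/s) and
        return (action, prefix, community) tuples for the BGP speaker."""
        actions = []
        for ip, bps in sorted(rates_bps.items()):
            ipaddress.IPv4Address(ip)  # raises ValueError on a malformed target
            if bps > self.threshold_bps:
                if ip not in self.active:
                    actions.append(("announce", f"{ip}/32", BLACKHOLE_COMMUNITY))
                self.active[ip] = 0  # attack (still) seen: reset the hold-down
        # Once the blackhole is active the traffic is dropped upstream and no
        # longer reaches local counters, so withdrawal is a timer, not proof
        # that the attack has stopped.
        for ip in sorted(self.active):
            if rates_bps.get(ip, 0.0) <= self.threshold_bps:
                self.active[ip] += 1
                if self.active[ip] >= self.quiet_intervals:
                    del self.active[ip]
                    actions.append(("withdraw", f"{ip}/32", BLACKHOLE_COMMUNITY))
        return actions


def demo():
    ctl = RtbhController()
    samples = [  # constructed per-interval rate samples
        {"192.0.2.10": 1e9, "192.0.2.20": 25e9},
        {"192.0.2.10": 2e9, "192.0.2.20": 0},
        {"192.0.2.10": 2e9},
        {"192.0.2.10": 2e9},
    ]
    return [ctl.update(s) for s in samples]


if __name__ == "__main__":
    for step in demo():
        print(step)
```

Blackholing the /32 takes the target offline for everyone, so it protects the shared link rather than the attacked host.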