The DDoS attack on net 44 continues. I'm filtering out a goodly amount of it at amprgw, but the people whose subnets are directly connected (BGP announced) are getting hit too, and there's nothing I can do to filter it out here.
Our traffic is not particularly high here; of course there are a few Mbit/s of noise, but it has been higher at times.
Rob
Yes, it's subsided quite a bit. The amprgw machine is only spending less than 15% of its processor time filtering packets, vs over 25% earlier and on the weekend. Perhaps posting my filter script/program was another fine example of closing the barn door after the horse has bolted.
Just now, it took 287 seconds to gather 100 million packets, comprising 7100 different source addresses. This is rather more than usual. The blocking table now contains 18,000 entries.
- Brian
On Wed, May 10, 2017 at 06:33:22PM +0200, Rob Janssen wrote:
> Our traffic is not particularly high here; of course there are a few Mbit/s of noise, but it has been higher at times.
> Rob
Does the log also show the ports being probed (source and destination), besides the source and destination IP?
Is it possible to see a part of it? (say 100 lines from the logs)
________________________________
From: 44Net 44net-bounces+ronenp=hotmail.com@hamradio.ucsd.edu on behalf of Brian Kantor Brian@UCSD.Edu
Sent: Wednesday, May 10, 2017 9:56 AM
To: AMPRNet working group
Subject: Re: [44net] storm blocking
7100 different source addresses. This is rather more than usual. The blocking table now contains 18,000 entries. - Brian
No, there is no log, I've just been watching live captures.
- Brian
On Wed, May 10, 2017 at 06:28:34PM +0000, R P wrote:
> Does the log also show the ports being probed (source and destination), besides the source and destination IP?
> Is it possible to see a part of it? (say 100 lines from the logs)