RE: IPv6 DoS from 3ffe:3200:f:f::2
Mr. Itojun,

I feel definitely sorry for the bother we bring to you. We really have done some work on our IPv6 Webs Collection since last time. Such as: 1) change collection frequency from every 1 week to every half of a month, 2) modify collection method. Unfortunately, it hasn't gotten a satisfactory result. So, we will have a full test in our own IPv6 sites, and make sure that it will not bring such problem anymore.

Could you do me a favour to send your logs to me? That will help us find the bug as soon as possible.

Thanks and Sorry again.

Best,
li Yue.

On Fri, 30 Nov 2001, Haisang Wu wrote:

I am sorry Itojun, I will deal with this immediately.

Ms. Liyue, could you have a look at the problem? It seems that we are making trouble again.

best
Haisang
___
Haisang Wu
CERNET Center
Central Mainbuilding
Tsinghua University
Beijing 100084 P.R.China
Tel: +86-10-62785814-525(O)
Email: [EMAIL PROTECTED]
___

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED]
Sent: Friday, November 30, 2001 2:41 PM
To: Haisang Wu
Cc: Jeroen Massar; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: IPv6 DoS from 3ffe:3200:f:f::2

We have found out the problem. One team in our lab is doing an experiment on IPv6 Data Searching, so they are digging data from IPv6 websites. Sorry for the disturbing and trouble we made. We have stopped the routing for them. They will change their methods to collecting data on web.

the web crawler (3ffe:3200:f:f::2) is misbehaving again and sending bogus traffic to one of IPv6 webservers I have (the crawler seems to be in an infinite loop, and fetching the same page again and again). while it is good to see the real use of IPv6, please monitor the behavior of your web crawlers carefully.

itojun

-
The IPv6 Users Mailing List
Unsubscribe by sending unsubscribe users to [EMAIL PROTECTED]
Re: IPv6 DoS from 3ffe:3200:f:f::2
We have found out the problem. One team in our lab is doing an experiment on IPv6 Data Searching, so they are digging data from IPv6 websites. Sorry for the disturbing and trouble we made. We have stopped the routing for them. They will change their methods to collecting data on web.

the web crawler (3ffe:3200:f:f::2) is misbehaving again and sending bogus traffic to one of IPv6 webservers I have (the crawler seems to be in an infinite loop, and fetching the same page again and again). while it is good to see the real use of IPv6, please monitor the behavior of your web crawlers carefully.

itojun
RE: IPv6 DoS from 3ffe:3200:f:f::2
Itojun [EMAIL PROTECTED] wrote:

the node (3ffe:3200:f:f::2) is still sending bogus http requests (over IPv6) to multiple servers we have. it could be web crawler of some sort that went mad, but anyway, it is too annoying. again, please stop it. whoever you are, if you are reading it, please stop it. thanks.

I've cc:'d the people in the 6bone range for you... Give them 24 hours to reply (they are very prolly in your timezone) and then call them up... And if they don't reply... simply add some nice rerouting to that ::1 target and wait till they wake up... that should be quite soon if they have any activity on the 6bone :)

Of course this is taking into consideration RFC 2772, section 7 on page 10:

8<--
2. The pTLA Applicant MUST have the ability and intent to provide production-quality 6Bone backbone service. Applicants must provide a statement and information in support of this claim. This MUST include the following:

   a. A support staff of two persons minimum, three preferable, with person attributes registered for each in the ipv6-site object for the pTLA applicant.

   b. A common mailbox for support contact purposes that all support staff have acess to, pointed to with a notify attribute in the ipv6-site object for the pTLA Applicant.
-->8

Would not be very handy if they are 'running rogue'...

Greets and good luck,
Jeroen

8<--
jeroen@purgatory:~$ whois -h whois.6bone.net 3ffe:3200:f:f::2
% RIPEdb(3.0.0b2) with ISI RPSL extensions
inet6num: 3FFE:3200::/24
netname: CERNET
descr:pTLA delegation for the 6bone
country: CN
admin-c: LX1-6BONE
tech-c: CMK1-6BONE
remarks: This object is automatically converted from the RIPE181 registry
notify: [EMAIL PROTECTED]
mnt-by: MNT-TH-CERNET
changed: [EMAIL PROTECTED] 19981201
changed: [EMAIL PROTECTED] 20010117
source: 6BONE
SNIP
person: Li Xing
address: Department of Electronic Engineering Tsinghua University, Beijing, 100084 China
phone:+86 10 6278 5982
phone:+86 10 6275 2614
e-mail: [EMAIL PROTECTED]
SNIP
person: Chen Maoke
address: Department of Electronic Engineering Tsinghua University, Beijing, 100084, China
phone:+86 10 6277 7734
phone:+86 10 6278 5005 525
e-mail: [EMAIL PROTECTED]
SNIP
person: Wu Haisang
address: Department of Electronic Engineering Tsinghua University, Beijing, 100084, China
phone:+86 10 6277 4369
phone:+86 10 6278 5005 525
e-mail: [EMAIL PROTECTED]
-->8
Re: IPv6 DoS from 3ffe:3200:f:f::2
our webserver (www.iijlab.net) is under DoS (I would say so) attack from 3ffe:3200:f:f::2 (compass6.compass.edu.cn). the machine transmits bogus HTTP get request like every second, from wget 1.7 (popular webpage grabbing tool). the attack, or misconfiguration, has been running for at least 2 weeks.

the node (3ffe:3200:f:f::2) is still sending bogus http requests (over IPv6) to multiple servers we have. it could be web crawler of some sort that went mad, but anyway, it is too annoying. again, please stop it. whoever you are, if you are reading it, please stop it. thanks.

itojun
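
Added example, not part of the original thread or of any poster's tooling: one way a server operator could pick the pattern described above (one client fetching the same page about once a second) out of an access log. The combined log format, the function name find_looping_clients, its thresholds and the sample lines are all assumptions made for this illustration.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Assumed input: Apache/nginx "combined" format; the thread shows no server logs.
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<agent>[^"]*)"$'
)

def find_looping_clients(lines, min_repeats=5, max_gap_s=5.0):
    """Return {(client, path): (run_length, user_agent)} for clients that hit
    the same path min_repeats or more times with gaps of at most max_gap_s."""
    last_seen = {}           # (client, path) -> time of the previous request
    run = defaultdict(int)   # (client, path) -> length of the current tight run
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than guess at their fields
        try:
            # Canonical form, so differently written IPv6 addresses compare equal.
            client = str(ipaddress.ip_address(m["host"]))
        except ValueError:
            client = m["host"].lower()  # server logged a resolved hostname
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        key = (client, m["path"])
        prev = last_seen.get(key)
        tight = prev is not None and (ts - prev).total_seconds() <= max_gap_s
        run[key] = run[key] + 1 if tight else 1
        last_seen[key] = ts
        if run[key] >= min_repeats and run[key] > flagged.get(key, (0, ""))[0]:
            flagged[key] = (run[key], m["agent"])
    return flagged

# Constructed sample input (not real log data): eight one-second-apart fetches
# of one page, the address written two ways, plus two ordinary requests.
SAMPLE = [
    f'{host} - - [30/Nov/2001:14:00:{sec:02d} +0900] "GET {path} HTTP/1.0" 200 512 "-" "{ua}"'
    for sec, host, path, ua in (
        [(i, "3ffe:3200:f:f::2" if i % 2 else "3FFE:3200:F:F:0:0:0:2",
          "/index.html", "Wget/1.7") for i in range(8)]
        + [(3, "2001:db8::10", "/", "Mozilla/4.0"),
           (9, "2001:db8::10", "/about.html", "Mozilla/4.0")]
    )
]

if __name__ == "__main__":
    for (client, path), (hits, agent) in find_looping_clients(SAMPLE).items():
        print(f"{client} fetched {path} {hits} times in a tight run ({agent})")
```

A run length plus the user agent is the kind of log evidence the crawler's operators ask for earlier in the thread when they request the server logs.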