On Thu, 27 Mar 2003, Mike Rosing wrote:

> On Thu, 27 Mar 2003, Sunder wrote:
>
> > For the little that I get, this is what I get out of a traceroute:
> >
> > 11  acr2-loopback.Seattle.cw.net (208.172.82.62)  79.920 ms  74.381 ms
> > 88.037 ms
> > 12  bhr2-pos-0-0.Tukwilase2.cw.net (208.172.81.222)  79.107 ms  83.846 ms
> > 91.354 ms
> > 13  * csr11-ve243.Tukwilase2.cw.net (216.34.64.147)  73.553 ms  81.541 ms
> > 14  * * *
> > 15  * * *
> >
> > I've found one DNS server claiming that this is the right ip for it:
> > 216.34.94.186
>
> Yup, looks like "whois" got it right - those are Cable & Wireless servers.
>
> Could just be a simple flooding DoS attack.  But now how do we find all
> the flooding packets and their sources?

I see slightly further in, FWIW. This looks like a legacy Exodus customer.

[...]
12  204.255.174.186 (204.255.174.186)  120 ms  117 ms  120 ms
13  dcr1-so-4-3-0.Washington.cw.net (208.173.52.114)  130 ms  240 ms  120 ms
14  acr2-loopback.Seattle.cw.net (208.172.82.62)  200 ms  195 ms  200 ms
15  bhr2-pos-0-0.Tukwilase2.cw.net (208.172.81.222)  200 ms  195 ms  200 ms
16  csr11-ve243.Tukwilase2.cw.net (216.34.64.147)  200 ms  195 ms  200 ms
17  jerry.exodus.net (216.34.83.66)  200 ms  292 ms  200 ms
18  * * *
19  * * *
[...]

That netblock is indeed assigned to CW:

[...]
OrgName:    Cable & Wireless
OrgID:      EXCW
Address:    3300 Regency Pkwy
City:       Cary
StateProv:  NC
PostalCode: 27511
Country:    US

NetRange:   216.32.0.0 - 216.35.255.255
CIDR:       216.32.0.0/14
NetName:    LEGACY-8
NetHandle:  NET-216-32-0-0-1
Parent:     NET-216-0-0-0-0
NetType:    Direct Allocation
NameServer: DNS01.EXODUS.NET
NameServer: DNS02.EXODUS.NET
NameServer: DNS03.EXODUS.NET
NameServer: DNS04.EXODUS.NET
Comment:    * Rwhois reassignment information for this block is available at:
Comment:    * rwhois.exodus.net 4321
Comment:    * For abuse please contact [EMAIL PROTECTED]
RegDate:    1998-07-30
Updated:    2002-10-30
[...]

As for finding out ifs and wheres about a possible DOS, you'll need to
talk to the administrators of the routers through which traffic is
passing. Nothing of interest has passed through on NANOG yet on that
side, and they are talking about this.

-j

-- 
Jamie Lawrence [EMAIL PROTECTED]
"And don't tell me there isn't one bit of difference between null and
space, because that's exactly how much difference there is."
 - Larry Wall
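
The comparison made by hand in this thread (where each traceroute stops answering, and whether that hop sits inside the 216.32.0.0/14 block from the whois record) can be done mechanically. The Python below is an added example, not part of any poster's message; the function names are made up for illustration, and the sample text is copied from the two traceroutes above, including the reply-quote markers and the mail-wrapped probe time.

```python
import ipaddress
import re

# Sample input copied from the two traceroutes in the thread (quote marks kept).
SUNDER_TRACE = """\
> > 11 acr2-loopback.Seattle.cw.net (208.172.82.62) 79.920 ms 74.381 ms
> > 88.037 ms
> > 13 * csr11-ve243.Tukwilase2.cw.net (216.34.64.147) 73.553 ms 81.541 ms
> > 14 * * *
> > 15 * * *
"""
JAMIE_TRACE = """\
17 jerry.exodus.net (216.34.83.66) 200 ms 292 ms 200 ms
18 * * *
19 * * *
"""
LEGACY_8 = ipaddress.ip_network("216.32.0.0/14")  # CIDR from the whois record

# A hop line is "<ttl> *" or "<ttl> host (addr)"; anything else is a wrapped tail.
HOP_START = re.compile(r"^(\d+)\s+(?=\*|\S+\s+\()")
ADDR = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3})\)")
RTT = re.compile(r"(\d+(?:\.\d+)?) ms")

def parse_hops(text):
    """Parse traceroute text into hop dicts, re-joining mail-wrapped lines."""
    joined = []
    for raw in text.splitlines():
        line = raw.lstrip("> ").rstrip()      # drop reply-quote markers
        if HOP_START.match(line):
            joined.append(line)
        elif joined and line:
            joined[-1] += " " + line          # continuation such as "88.037 ms"
    hops = []
    for line in joined:
        m, addr = HOP_START.match(line), ADDR.search(line)
        hops.append({"ttl": int(m.group(1)),
                     "ip": ipaddress.ip_address(addr.group(1)) if addr else None,
                     "rtts": [float(x) for x in RTT.findall(line)]})
    return hops

def summarize(text, netblock=LEGACY_8):
    """Report the last hop that answered and how many TTLs stayed silent after it."""
    hops = parse_hops(text)
    answered = [h for h in hops if h["ip"] is not None]
    if not answered:
        return None
    last = answered[-1]
    return {"last_ttl": last["ttl"], "last_ip": str(last["ip"]),
            "in_netblock": last["ip"] in netblock,
            "silent_after": sum(1 for h in hops if h["ttl"] > last["ttl"])}
```

Calling `summarize()` on each trace shows both vantage points losing replies inside the same netblock, one hop apart.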
