Re: Any defense against ping flood?

From: Jason Storm (secat_private)
Date: Sat May 05 2001 - 07:26:40 PDT


    On Fri, 4 May 2001, Talley, Brooks wrote:
    
    > I'm in a bit of a bind here.  My network is currently experiencing 27mbps
    > of incoming ICMP echo-requests, all coming from -- surprise -- China.
    > It's been going on since 5am PDT (13 hours, so far).
    
    > The pings are coming from all over the 211.72/16 netblock.  All over it.
    >
    > Thanks
    > Brooks Talley
    > FRNK Technology Group
    
    
    If they are coming from the 211.72/16 netblock, it would seem that it is
    someone using that network's broadcast IPs as amplifiers to attack you, in
    which case there is no reason to think it's an attack of Chinese origin
    necessarily. In these heated times there is no need to give every 14-year-old
    with a broadcast scanner the power to lend fuel to international
    tension by falsely laying blame, although it would be nice if the
    upstreams on the /16 had ingress/egress filters in place..
    
    In the meantime, try calling your upstream or provider and have them
    blackhole the offending subnet upstream from your router..  (although this
    can get more frustrating than the attack itself..)
    
    -jason storm
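
Before calling the upstream, it helps to have numbers for the request. The following is an added example, not part of the original message: it summarizes inbound ICMP records by source prefix and ICMP type so the blackhole request can name one prefix and say whether the traffic is echo-requests or echo-replies. The function name `triage`, the `(src_ip, icmp_type)` record format and the 80% threshold are assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import Counter, defaultdict

ECHO_REPLY, ECHO_REQUEST = 0, 8  # ICMP type numbers

def triage(records, prefix_len=16, min_share=0.8):
    """Summarize (src_ip, icmp_type) records parsed from a capture or flow export.

    Returns a dict describing the busiest source prefix, or None if empty.
    """
    per_prefix = Counter()
    types = defaultdict(Counter)
    sources = defaultdict(set)
    total = 0
    for src, icmp_type in records:
        net = ipaddress.ip_network(f"{src}/{prefix_len}", strict=False)
        per_prefix[net] += 1
        types[net][icmp_type] += 1
        sources[net].add(src)
        total += 1
    if total == 0:
        return None
    net, count = per_prefix.most_common(1)[0]
    dominant = types[net].most_common(1)[0][0]
    # Unsolicited echo-replies from many hosts in one block are what broadcast
    # amplification produces; echo-requests mean the listed sources (or someone
    # spoofing them) are pinging directly. Either way the source addresses say
    # where packets were relayed or forged from, not who launched the flood.
    if dominant == ECHO_REPLY:
        pattern = "reflected-replies"
    elif dominant == ECHO_REQUEST:
        pattern = "direct-or-spoofed-requests"
    else:
        pattern = "other"
    share = count / total
    return {
        "prefix": str(net),
        "share": round(share, 2),
        "distinct_sources": len(sources[net]),
        "pattern": pattern,
        # One prefix carrying most of the flood is a reasonable upstream blackhole ask.
        "blackhole_candidate": share >= min_share,
    }

# Constructed sample: 90 echo-requests spread across 211.72/16, 10 unrelated packets.
SAMPLE = [(f"211.72.{i % 200}.{(i * 7) % 250 + 1}", ECHO_REQUEST) for i in range(90)]
SAMPLE += [("192.0.2.10", ECHO_REQUEST)] * 5 + [("198.51.100.7", ECHO_REPLY)] * 5

if __name__ == "__main__":
    print(triage(SAMPLE))
```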
    



    This archive was generated by hypermail 2b30 : Sat May 05 2001 - 07:56:48 PDT