- To: outages-list@eskimo.com
- Subject: Denial of Service attack (UDP fragment flood)
- From: Robert Dinse <nanook@eskimo.com>
- Date: Sun, 8 Oct 2000 22:17:34 -0700 (PDT)
- cc: noc@sprint.com, opers@njlinked.com
- Newsgroups: lobby, announcements, comp.dcom.sys.cisco
- Reply-To: Robert Dinse <nanook@eskimo.com>
- Resent-Date: Sun, 8 Oct 2000 22:19:08 -0700
- Resent-From: outages-list@eskimo.com
- Resent-Message-ID: <"gcEp53.0.6h.BLLuv"@mx1>
- Resent-Sender: outages-list-request@eskimo.com
- Prev by Date: pop-3
- Next by Date: News Server Is down
- Prev by thread: pop-3
- Next by thread: News Server Is down
- Index(es):
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Denial of Service attack (UDP fragment flood)
About 9pm Pacific time we were hit with a UDP flood denial of service
attack of sufficient intensity to largely saturate our two T1's used for the
backbone connectivity for the host machines here.
We have an access list on the outbound router at Sprint that would
normally prevent this type of attack from being effective if it were not for
the Cisco packet fragment leak bug.
In order to recover the functionality of the rest of our hosts we've had
to ask Sprint to put a null route in for our IRC server which is the target of
the attack.
This means that our IRC server, irc.eskimo.com, will not be accessible
from outside of the local LAN until this attack stops and we can have Sprint
remove the null route.