[geeks] Fwd: [Incident 020324-000029] unroutable traffic being passed to my nameserver
alex j avriette
avriettea at speakeasy.net
Fri Mar 29 17:40:08 CST 2002
What's the truth in this, NOC-geeks?
alex
Begin forwarded message:
> From: abuse at speakeasy.net
> Date: Fri Mar 29, 2002 03:28:34 PM US/Eastern
> To: avriettea at speakeasy.net
> Subject: [Incident 020324-000029] unroutable traffic being passed to my
> nameserver
>
>
> We are writing to inform you that we have just updated your Customer
> Support inquiry.
>
> Please DO NOT reply to this email, as will not be able to respond to it
> or provide additional support.
>
> To ensure that you receive a higher level of service, we kindly request
> that you make further updates to or close your support request in
> MySpeakeasy (http://www.speakeasy.net/myspeak). Select Customer
> Support from the navigation menu and go to the My Info tab to view.
>
> For your convenience, we have included a summary of the inquiry details
> below.
>
> Thanks!
>
> The Speakeasy Crew
>
>
> Subject
> ---------------------------------------------------------------
> unroutable traffic being passed to my nameserver
>
> Suggested Answer
> ---------------------------------------------------------------
> At 03/29/2002 12:21 PM we wrote -
>
> Greetings,
> I've spoken with our network engineers, and apparantly implementing
> this would generate far too much load on our routers; same goes for our
> upstream provider, Internap. It's definaly something we'd like to do,
> but just isn't feasable with our current setup.
>
> Question
> ---------------------------------------------------------------
> I have gotten, since march 23 at 5:15 pm (which is to say 17 hours ago),
> 2410 unroutable packets (from 172.24.224.87 and 172.25.224.89). I've
> asked in the past, and I'm asking again now since I seem to be getting
> even more. Could you please filter traffic from private networks? There
> is no reason to route it, as replies are impossible, and the traffic is
> always private -- or malicious.
>
> It is specified in RFC 1918, which is available here:
>
> http://www.cis.ohio-state.edu/cgi-bin/rfc/rfc1918.html
>
> A simple capture of the traffic from the two hosts mentioned above is
> available here:
>
> http://envy.posixnap.net/~alex/logs_for_abuse.txt
>
> I have been subject to two attacks in the last month or so, both of
> which involved Mb/s traffic from unroutable hosts. This traffic was
> either spoofed or erroneous, but it would save you and me both bandwidth
> and headaches if this traffic could just be dropped at your routers.
>
> Thanks for your time, and a reply would be appreciated.
>
> -alex
>
--
alex j avriette, perl hacker
avriettea at speakeasy.net
http://envy.posixnap.net/
>
>
>
>
> Question Reference #020324-000029
> ---------------------------------------------------------------
> Product: Tech Support
> Sub-Product: Security and Abuse
> Contact: avriettea at speakeasy.net
> Date Created: 03/24/2002 07:45 AM
> Last Updated: 03/29/2002 12:28 PM
> Elapsed Time: 0 Minutes
> Status: Closed
> OS:
>
>
>
>
>
> Thanks,
>
> Henry Hurley
> Speakeasy Network Abuse
More information about the geeks
mailing list