YORK-ANNOUNCE-L Archives

York U. announcements list - READ ONLY

YORK-ANNOUNCE-L@YORKU.CA

Subject:
From: Sam Leung
Reply To: York U. announcements list - READ ONLY
Date: Thu, 5 Mar 1998 13:10:25 -0500

Below is a report from ONet support regarding the Internet problems that
we experienced yesterday, 04-March-98.

At 3:50 P.M., a filter was implemented on the CA*Net router to block the
PING attack from the network.

Regards,
Leung
Network Operations

------------------------------------------------------------------------------

On Wed, 4 Mar 1988, 17:14:53 Mohamed wrote :

***********************************************************************
A machine in Computer Science at U/Toronto has been the subject of a
massive PING-OF-DEATH/SMURF attack since 4 AM. Onet support installed
a blocking filter on the edge of ONet, but the incoming packet load is
so heavy that the router can't handle it all and is dropping packets
all over. We are trying to push the filter out towards the Internet,
but the source addresses have been faked, so it's strictly a matter of
guessing which interfaces to filter on, installing the filter, watching
for hits, then contacting network operations at the upstream for them
to do the same thing - it takes a few hours per hop to get things
coordinated. We've pushed the filtering out to BITS (CA*net) already.

Our filters are now not doing any useful filtering, but BITS (CA*Net) is
trying to deal with the problem now. It seems that the traffic is not
coming from MCI (their first guess), so they are trying their other
connections (Sprint, TeleGlobe, UUNET, ...). Last I heard it looks
like the packets are arriving via Sprint. Their router is now
over-loaded doing the filtering, and ours is back to normal.

No idea when the problem will be "resolved" - the generator(s) are
probably at diverse sites around the Internet, which will spread the
faked packets out enough to avoid overloading their own network
connections, so their own providers are not suspicious.

********************************************************************
04-Mar 15:50 EST. Bell ITS (CA*Net) has placed a filter on psp.on.canet.ca
to deny all packets destined for 128.100.2.81. This will be left in place
until Bell or ITS notices the attack has stopped.
*********************************************************************
Mohamed, Network Operations Centre.
U of T, Computing and Networking Services
-------------------------------------------------------------------------------
