
Hello Anurag,
Thanks for your quick reply and support. Our ASN is 134375 and we are getting DDOS on 14.141.116.206 (which is the fusionnet side IP provided by TCL for BGP session). Due to this DDOS, our link is getting over utilized.
Please help.
Regards, Parthesh Kumar
From: Anurag Bhatia me@anuragbhatia.com Sent: 06 February 2021 17:03 To: Parthesh Kumar parthesh.kumar@fusionnet.in Subject: Re: [INNOG] DDOS Attack from IP -135.181.150.93 , ASN24940
(Offlist)
Hi Parthesh
There's a group of network operators and I have reached out to a Hetzner contact there. I don't know the person directly but will pass on your message.
In the meanwhile, can you share more details like your ASN, which IP(s) of yours are under attack, and maybe a packet capture?
All that helps in speeding up responses.
On Sat, Feb 6, 2021 at 5:01 PM Anurag Bhatia <me@anuragbhatia.com> wrote:
Hi
I will connect you with contacts at Hetzner offlist.
Thanks.
On Sat, Feb 6, 2021 at 4:46 PM Parthesh Kumar <parthesh.kumar@fusionnet.in> wrote:
Dear Team,
We are getting DDOS attack from source IP 135.181.150.93, which belongs to (Hetzner Online GmbH, AS24940, Country-Germany). We are continuously following up with them on abuse@hetzner.com but not getting any response.
Can anyone please help and suggest further.
Regards, Parthesh Kumar
_______________________________________________
INNOG mailing list -- innog@innog.net
To unsubscribe send an email to innog-leave@innog.net
--
Anurag Bhatia
anuragbhatia.com

Hi Parthesh
As per contact at Hetzner the abuse dept. does not work on weekends. Try mailing to noc@hetzner.com and someone in their NOC team can help.
Thanks.
On Sat, Feb 6, 2021 at 5:14 PM Parthesh Kumar parthesh.kumar@fusionnet.in wrote:
Hello Anurag,
Thanks for your quick reply and support. Our ASN is 134375 and we are getting DDOS on 14.141.116.206 (which is the fusionnet side IP provided by TCL for BGP session). Due to this DDOS, our link is getting over utilized.
Please help.
*Regards,*
*Parthesh Kumar*

Hi,
Thanks for update.
Regards, Parthesh Kumar
From: Anurag Bhatia me@anuragbhatia.com Sent: 06 February 2021 17:32 To: Parthesh Kumar parthesh.kumar@fusionnet.in Cc: innog@innog.net Subject: Re: [INNOG] DDOS Attack from IP -135.181.150.93 , ASN24940
Hi Parthesh
As per contact at Hetzner the abuse dept. does not work on weekends. Try mailing to noc@hetzner.com and someone in their NOC team can help.
Thanks.

Hi Parthesh,
Bit late on this, but sharing it anyway as it may be helpful to other members.
Contacting the admin person of the attacking IP would be a lengthy process and won't be much helpful in resolving the ongoing issue quickly.
Better to blackhole these IPs using the blackhole community provided by upstream providers.
Since we have an ISP community here I would request that all ISPs take the below measures.
- Blackhole IPs - Use the blackhole community from upstream providers to blackhole IPs sending malicious traffic.
- Source Check - Allow only IPs assigned to customers to enter into the ISP network.
- Spamming - Block port 25 by default - Allow ports open on customer's request.
- Block well known vulnerable ports.
- Analyse NAT logs to understand which customers are sending malicious traffic. (CERT-In periodically sends botnet block requests to ISPs.)
Regards
Vijay A.
On Sat, Feb 6, 2021, 17:35 Parthesh Kumar parthesh.kumar@fusionnet.in wrote:
Hi,
Thanks for update.
*Regards,*
*Parthesh Kumar*
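The NAT-log step in the list above, as an added example that is not part of the thread: it maps abuse-report entries (time, public IP, source port) back to the subscriber that held that port block at that moment. The log format, addresses and report entries are constructed for illustration; real CGNAT logs differ by vendor.

```python
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

# Constructed CGNAT port-block log (the line format is an assumption).
NAT_LOG = """\
2021-02-08T09:00:00Z ALLOC priv=100.64.3.17 pub=203.0.113.10 ports=20480-21503
2021-02-08T09:40:00Z FREE priv=100.64.3.17 pub=203.0.113.10 ports=20480-21503
2021-02-08T09:45:00Z ALLOC priv=100.64.9.200 pub=203.0.113.10 ports=20480-21503
2021-02-08T09:50:00Z ALLOC priv=100.64.5.5 pub=203.0.113.10 ports=21504-22527
"""

# Constructed abuse-report entries: (UTC time, public source IP, source port).
REPORT = [
    ("2021-02-08T09:30:00Z", "203.0.113.10", 20999),
    ("2021-02-08T09:42:00Z", "203.0.113.10", 20999),  # block was free at this time
    ("2021-02-08T09:47:00Z", "203.0.113.10", 20999),  # same port, different subscriber
    ("2021-02-08T09:55:00Z", "203.0.113.10", 21000),
    ("2021-02-08T09:55:00Z", "203.0.113.10", 30000),  # port never allocated
]


def parse_ts(text: str) -> datetime:
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


@dataclass
class Lease:
    priv: str
    pub: str
    lo: int
    hi: int
    start: datetime
    end: Optional[datetime] = None  # None means the block is still allocated


def parse_nat_log(text: str) -> list:
    """Pair ALLOC/FREE events into leases; malformed lines are skipped."""
    leases, active = [], {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[1] not in ("ALLOC", "FREE"):
            continue
        try:
            when = parse_ts(parts[0])
            fields = dict(p.split("=", 1) for p in parts[2:])
            lo, hi = (int(x) for x in fields["ports"].split("-"))
            key = (fields["pub"], lo, hi)
            priv = fields["priv"]
        except (ValueError, KeyError):
            continue
        if parts[1] == "ALLOC":
            active[key] = Lease(priv, fields["pub"], lo, hi, when)
            leases.append(active[key])
        elif key in active:
            active.pop(key).end = when
    return leases


def attribute(leases, when_text, pub, port):
    """Return the subscriber address holding pub:port at that instant, else None."""
    when = parse_ts(when_text)
    hits = {x.priv for x in leases
            if x.pub == pub and x.lo <= port <= x.hi
            and x.start <= when and (x.end is None or when < x.end)}
    # Zero or several candidates means the entry cannot be attributed safely.
    return hits.pop() if len(hits) == 1 else None


def offenders(leases, report):
    """Count report entries per subscriber; unattributable entries go under None."""
    return Counter(attribute(leases, *entry) for entry in report)
```

The timestamp matters as much as the port: the same public IP and port map to two different subscribers 17 minutes apart, so reports and NAT logs need synchronised clocks.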

Hi Vijay,
Thanks for sharing the information. Can you please share any blackhole community email id for future references.
Thanks again !
Regards, Parthesh Kumar
From: Vijay Ahire vijay@my7star.com Sent: 08 February 2021 15:25 To: Parthesh Kumar parthesh.kumar@fusionnet.in Cc: Anurag Bhatia me@anuragbhatia.com; innog@innog.net Subject: Re: [INNOG] Re: DDOS Attack from IP -135.181.150.93 , ASN24940
Hi Parthesh,
Bit late on this, but sharing it anyway as it may be helpful to other members.
Contacting the admin person of the attacking IP would be a lengthy process and won't be much helpful in resolving the ongoing issue quickly.
Better to blackhole these IPs using the blackhole community provided by upstream providers.
Since we have an ISP community here I would request that all ISPs take the below measures.
- Blackhole IPs - Use the blackhole community from upstream providers to blackhole IPs sending malicious traffic.
- Source Check - Allow only IPs assigned to customers to enter into the ISP network.
- Spamming - Block port 25 by default - Allow ports open on customer's request.
- Block well known vulnerable ports.
- Analyse NAT logs to understand which customers are sending malicious traffic. (CERT-In periodically sends botnet block requests to ISPs.)
Regards
Vijay A.

Hi Parthesh,
Blackhole BGP community attribute is provided by the upstream ISP. All upstream providers have their own values configured. Kindly ask your upstream providers to provide the same. The provided value can be configured in your BGP router, and a route injected into the routing table to advertise DDOS IPs to upstream providers. On receiving the route, the upstream provider's router will drop the traffic at their end only, so malicious traffic won't reach your network and won't congest your bandwidth. I hope this is helpful.
Regards
Vijay A.
On Mon, Feb 8, 2021 at 3:51 PM Parthesh Kumar parthesh.kumar@fusionnet.in wrote:
Hi Vijay,
Thanks for sharing the information. Can you please share any blackhole community email id for future references.
Thanks again !
*Regards,*
*Parthesh Kumar*

Adding further to Vijay's point - consider setting up open source Fastnetmon as well. It can automate the detection and mitigation of DDoS. It won't fix the issue completely but can reduce it significantly as it can detect and act within seconds of attack and blackhole prefixes which are being attacked and thus minimising the impact on rest of network.
On Mon, Feb 8, 2021 at 4:15 PM Vijay Ahire vijay@my7star.com wrote:
Hi Parthesh,
Blackhole BGP community attribute is provided by the upstream ISP. All upstream providers have their own values configured. Kindly ask your upstream providers to provide the same. The provided value can be configured in your BGP router, and a route injected into the routing table to advertise DDOS IPs to upstream providers. On receiving the route, the upstream provider's router will drop the traffic at their end only, so malicious traffic won't reach your network and won't congest your bandwidth. I hope this is helpful.
Regards
Vijay A.
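The detect-then-blackhole loop discussed in the two messages above, as an added example that is not from the thread and is not FastNetMon's code: it finds attacked destinations from traffic samples and builds host routes tagged with a blackhole community, with guards against announcing foreign space or infrastructure addresses. Prefixes, thresholds, the next hop and the samples are constructed; the community shown is the RFC 7999 value and an upstream may publish its own; the command strings assume an ExaBGP-style text API as the route injector.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# All values below are assumptions for this example, not taken from the thread.
OWN_PREFIXES = [ip_network("198.51.100.0/24")]   # address space we originate
PROTECTED = {ip_address("198.51.100.1")}         # e.g. the address a BGP session runs on
BLACKHOLE_COMMUNITY = "65535:666"  # RFC 7999 BLACKHOLE; use the value your upstream gives you
DISCARD_NEXT_HOP = "192.0.2.1"     # placeholder next hop for the trigger route
PPS_THRESHOLD = 50_000             # average packets/second treated as an attack
MAX_BLACKHOLES = 2                 # cap, so bad input cannot take the whole network offline

# Constructed traffic samples: (second, destination IP, packets seen in that second).
SAMPLES = [
    (0, "198.51.100.55", 90_000), (1, "198.51.100.55", 120_000), (2, "198.51.100.55", 150_000),
    (0, "198.51.100.1", 80_000), (1, "198.51.100.1", 80_000), (2, "198.51.100.1", 80_000),
    (0, "198.51.100.20", 1_000), (1, "198.51.100.20", 1_200), (2, "198.51.100.20", 800),
    (0, "203.0.113.9", 200_000), (1, "203.0.113.9", 200_000), (2, "203.0.113.9", 200_000),
]


def average_pps(samples, window_seconds):
    """Average packets per second towards each destination over the window."""
    totals = defaultdict(int)
    for _second, dst, packets in samples:
        totals[ip_address(dst)] += packets
    return {dst: total / window_seconds for dst, total in totals.items()}


def decide(rates):
    """Split destinations over the threshold into (to_blackhole, skipped_with_reason)."""
    over = sorted((d for d, r in rates.items() if r >= PPS_THRESHOLD),
                  key=lambda d: rates[d], reverse=True)
    chosen, skipped = [], {}
    for dst in over:
        if not any(dst in net for net in OWN_PREFIXES):
            # An upstream only accepts blackhole routes for space you are allowed to announce.
            skipped[str(dst)] = "not our address space"
        elif dst in PROTECTED:
            skipped[str(dst)] = "protected infrastructure address"
        elif len(chosen) >= MAX_BLACKHOLES:
            skipped[str(dst)] = "blackhole limit reached"
        else:
            chosen.append(dst)
    return chosen, skipped


def announcements(targets):
    """IPv4 host routes carrying the blackhole community, as ExaBGP-style commands."""
    return [f"announce route {dst}/32 next-hop {DISCARD_NEXT_HOP} "
            f"community [{BLACKHOLE_COMMUNITY}]" for dst in targets]


def run(samples=SAMPLES, window_seconds=3):
    chosen, skipped = decide(average_pps(samples, window_seconds))
    return announcements(chosen), skipped
```

A blackholed /32 is unreachable for everyone until the route is withdrawn, which is the trade-off that keeps the rest of the network usable.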

I agree with you.
I am already using the complete automated setup.
Regards Vijay A.
On Tue, Feb 9, 2021, 01:50 Anurag Bhatia me@anuragbhatia.com wrote:
Adding further to Vijay's point - consider setting up open source Fastnetmon as well. It can automate the detection and mitigation of DDoS. It won't fix the issue completely but can reduce it significantly as it can detect and act within seconds of attack and blackhole prefixes which are being attacked and thus minimising the impact on rest of network.