Results 1 to 13 of 13
-
12-16-2013, 01:05 PM #1Web Hosting Guru
- Join Date
- Nov 2005
- Posts
- 305
Receving 200.000 pps attack for 8 days and at&t ignore abuse reports
Hello,
What to do when the source of an attack ignore abuse reports?
We have been attacked from 63.240.125.214 since 08/Dect/2013 and have contacted abuse@att.net 3 or 4 times since them. They just replied fo the first report requesting timestamps, which we provided and never answered anymore (not even to new reports we sent).
What do to?
The attack is consuming bandwidth/pps (average 200k pps/second).
I believe that this kind of behavior would just be seen from CHINA isps.
-
12-16-2013, 01:31 PM #2Web Hosting Guru
- Join Date
- Jun 2013
- Location
- Los Angeles
- Posts
- 327
Add a firewall rule/ACL at the highest level you can and then continue to ping AT&T daily until they respond to you. Give them a phone call if necessary. Unfortunately there's not a whole lot else you can do, apart from escalating it to your local provider and asking them to contact AT&T abuse on your behalf/ACLing it up the chain.
QuadraNet.com™ - Enterprise Dedicated Servers, Cloud Hosting, and Colocation
j.goldman@quadranet.com
-
12-16-2013, 01:32 PM #3WHT Addict
- Join Date
- Oct 2005
- Location
- London, UK
- Posts
- 140
they would generally receive a *LOT* of emails to their abuse department. If you only included a short message like your one above I can see why it could be ignored as there is not enough information there.
What type of attack is it for a start? If its a flood of some sort have you considered that the source is, in fact, spoofed?Goscomb Technologies Limited - www.goscomb.net / AS39326
E: sales@goscomb.net P: +44 (0) 203 129 4400 F: +44 (0) 203 129 4410
IP Transit :: Colocation :: Dedicated Servers :: Leased Lines :: DSL
Registered in England and Wales No. 05672987 - VAT Registration No. 853 7954 80
-
12-16-2013, 01:53 PM #4Web Hosting Guru
- Join Date
- Nov 2005
- Posts
- 305
-
12-16-2013, 01:56 PM #5Web Hosting Guru
- Join Date
- Nov 2005
- Posts
- 305
I've even heard from some people to look for a botnet to attack the source of the attack to try to have it null routed .. that is be so absurd that makes it funny
-
12-16-2013, 01:57 PM #6WHT Addict
- Join Date
- Oct 2005
- Location
- London, UK
- Posts
- 140
if its a UDP flood its most likely either spoofed, or DNS reflection.
Not all abuse departments will reply. It doesn't mean that they haven't dealt with the issue. If that traffic is spoofed there is nothing they can do in any case.Goscomb Technologies Limited - www.goscomb.net / AS39326
E: sales@goscomb.net P: +44 (0) 203 129 4400 F: +44 (0) 203 129 4410
IP Transit :: Colocation :: Dedicated Servers :: Leased Lines :: DSL
Registered in England and Wales No. 05672987 - VAT Registration No. 853 7954 80
-
12-16-2013, 02:14 PM #7Web Hosting Guru
- Join Date
- Nov 2005
- Posts
- 305
There is something really easy do do, ratelimit the IP so it won't impact other hosts on the internet until it is fixed.
Not a DNS reflection attack, it is most likely that perl udp flood script which is usually found at compromised hosts.
I don't believe that it is spoofed. Spoofed attacks usually keep changing the source.
-
12-17-2013, 10:53 AM #8Now renamed!
- Join Date
- May 2009
- Location
- Vaduz/LI
- Posts
- 2,778
>There is something really easy do do, ratelimit the IP so it won't impact other hosts on the internet until it is fixed.
Great way to breach terms, contracts and in some countries even laws.
-
12-17-2013, 11:18 AM #9Web Hosting Guru
- Join Date
- Nov 2005
- Posts
- 305
-
12-17-2013, 11:42 AM #10Now renamed!
- Join Date
- May 2009
- Location
- Vaduz/LI
- Posts
- 2,778
Protected from liability, at least in most of Europe based on claiming to be not able to verify it.
US as far as i know not much different.
-
12-17-2013, 11:46 AM #11Web Hosting Guru
- Join Date
- Nov 2005
- Posts
- 305
-
12-17-2013, 07:56 PM #12Web Hosting Guru
- Join Date
- Jan 2010
- Posts
- 308
-
12-17-2013, 09:52 PM #13Web Hosting Guru
- Join Date
- Nov 2005
- Posts
- 305
Coincidence ? 8 days of attacks and nothing, thread opened and in less than 24 hours attack stopped.
At least, this issue was solved.
Thanks for everyone who participated.
Similar Threads
-
20 Gbps DDoS Protected (12,000,000 PPS) [NL] DELL Dual Xeons for $999 / MANAGED
By WooServers in forum Dedicated Hosting OffersReplies: 0Last Post: 07-17-2013, 05:54 AM -
200,000 PPS ! Need help {DDoS}
By boxer in forum Hosting Security and TechnologyReplies: 3Last Post: 04-18-2010, 12:42 AM -
Hivelocity.net / Noc4hosts.com - Ignore Abuse Reports
By tomaszb3 in forum Dedicated ServerReplies: 10Last Post: 11-15-2007, 01:37 AM -
30.000 pps is attack?
By D3m0n in forum Dedicated ServerReplies: 0Last Post: 08-10-2007, 07:38 AM -
handling abuse issues/bogus abuse reports.(long post)
By jon-f in forum Running a Web Hosting BusinessReplies: 3Last Post: 07-06-2007, 12:35 AM