Well, I believe in this case it was all Asia IP space, Mostly from the same hand full of subnets. So they dropped the associated /24's
Nick Olsen Network Operations (321) 205-1100 x106 ---------------------------------------- From: "Matt" <lm7...@gmail.com> Sent: Monday, August 02, 2010 10:56 AM To: "WISPA General List" <wireless@wispa.org> Subject: Re: [WISPA] DOS attack >to 1.2Gb/s if I recall correctly. At first we were getting crazy packet loss because the upstream router was getting hammered. >After that they put in a few rules to drop the traffic and that made it stable, But latency was like +140ms going into it. What rules can really help a DOS attack? I just see it as hard to block since usually its coming from thousands of different IP's. I imagine it could look like TCP, UDP or etc. How can a router tell whats legitimate and not? Matt ---------------------------------------------------------------------------- ---- WISPA Wants You! Join today! http://signup.wispa.org/ ---------------------------------------------------------------------------- ---- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
-------------------------------------------------------------------------------- WISPA Wants You! Join today! http://signup.wispa.org/ -------------------------------------------------------------------------------- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/