This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/members-discuss@ripe.net/
[members-discuss] What to do
- Previous message (by thread): [members-discuss] What to do
- Next message (by thread): [members-discuss] What to do
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Sven Olaf Kamphuis
sven at cb3rob.net
Thu Nov 24 12:15:01 CET 2011
in order to figure out wether the source addresses are spoofed, just look at the ttl of the incoming packets, -even if they are different- trigger the box at the other end to send you a packet (icmp echo-reply, tcp reject, something like that), and then ofcourse the ttl on the packet you made it send by your self, should be more or less the same as the ttl on the incoming packets from that host. (as usually, the source ip is spoofed)... if the source ip is -not- spoofed... the procedure is quite simple, you pick up the phone and you call the noc of the originating networks and tell them to fix the issue :P -- Greetings, Sven Olaf Kamphuis, CB3ROB Ltd. & Co. KG ========================================================================= Address: Koloniestrasse 34 VAT Tax ID: DE267268209 D-13359 Registration: HRA 42834 B BERLIN Phone: +31/(0)87-8747479 Germany GSM: +49/(0)152-26410799 RIPE: CBSK1-RIPE e-Mail: sven at cb3rob.net ========================================================================= <penpen> C3P0, der elektrische Westerwelle http://www.facebook.com/cb3rob ========================================================================= Confidential: Please be advised that the information contained in this email message, including all attached documents or files, is privileged and confidential and is intended only for the use of the individual or individuals addressed. Any other use, dissemination, distribution or copying of this communication is strictly prohibited. On Tue, 22 Nov 2011, Markel Stefo wrote: > I Saludos, > > Being a young lir I am not sure what the procedure should be but we would certianly appriciate, at least myself, to know what the IP causing the attack is or range therfore. > > Thanks in advance, > Markel Stefo > IP Core Network Administrator > Plus Communicaction > > PS:Sorry to the list > > -----Original Message----- > From: members-discuss-bounces at ripe.net [mailto:members-discuss-bounces at ripe.net] On Behalf Of Comunicaciones ACOTELSA > Sent: Tuesday, November 22, 2011 4:41 PM > To: members-discuss at ripe.net > Subject: [members-discuss] What to do > > Hi all. > > We have detected a DoS from IP of APNIC, from China. > > Are there a procedure to inform APNIC or RIPE about the problem or the only > way is inform to the WHOIS contact? > > Thanks in advance. > > > Saludos... > > =========================================== > Luis Ángel Lozano Aparicio > Comunicaciones y Seguridad > Grupo Acotel > e-mail: comunicaciones at acotelsa.com > ------------------------------------------ > Tlf: 983 440274 - 902 194273 Fax:983 548220 > Oficina 201 - Edificio Galileo, módulo Rojo > Parque Tecnológico de Boecillo > 47151 Boecillo (Valladolid) - España > =========================================== > > > > > > Protección de Datos: ACOTELSA le informa de que los datos facilitados por Ud. y utilizados para el envío de esta comunicación serán objeto de tratamiento automatizado o no en nuestros ficheros, con la finalidad de gestionar la agenda de contactos de nuestra empresa y para el envío de comunicaciones profesionales por cualquier medio electrónico o no. Vd. podrá en cualquier momento ejercer el derecho de acceso, rectificación, cancelación y oposición en los términos establecidos en la Ley Orgánica 15/1999. El responsable del tratamiento es ACOTELSA, con domicilio en Ronda de Poniente, 3 bajo, 28760 Tres Cantos, Madrid. > > Confidencialidad El contenido de esta comunicación, así como el de toda la documentación anexa, es confidencial y va dirigido únicamente al destinatario del mismo. En el supuesto de que usted no fuera el destinatario, le solicitamos que nos lo indique y no comunique su contenido a terceros, procediendo a su destrucción. Gracias. > > Confidenciality The content of this communication and any attached information is confidential and exclusively for the use of the addressee. If you are not the addressee, we ask you to notify to the sender and do not pass its content to another person, and please be sure you destroy it. Thank you. > > > > ---- > If you don't want to receive emails from the RIPE NCC members-discuss > mailing list, please log in to your LIR Portal account and go to the general page: > https://lirportal.ripe.net/general/view > > Click on "Edit my LIR details", under "Subscribed Mailing Lists". From here, you can add or remove addresses. > > ---- > If you don't want to receive emails from the RIPE NCC members-discuss > mailing list, please log in to your LIR Portal account and go to the general page: > https://lirportal.ripe.net/general/view > > Click on "Edit my LIR details", under "Subscribed Mailing Lists". From here, you can add or remove addresses. >
- Previous message (by thread): [members-discuss] What to do
- Next message (by thread): [members-discuss] What to do
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]