Friday, January 8, 2010

Trying to analyze VISPA ISP Outage

TheRegister (http://www.theregister.co.uk/2010/01/08/vispa_ddoa/) has published today a news about an outage (caused by DDOS from Latvia) for the VISPA ISP (AS29129 VISPA-ASN).  The attack seems came from Baltic area and it lasted about 12 hours (between 1.00 AM and 12.30 PM).  The following analysis is to be intend as only an attempt to verify the DDOS behavior and nothing else. 

For this purpose it’s been used the VISPA-CORE  ip prefix: (83.217.160.0/19)

prefixes
The screenshots are generated by BGPlay (http://bgplay.routeviews.org/bgplay/):
Time:2010-01-08  08:44:10
ddos001
Time:2010-01-08  09:51:49
ddos002
Time:2010-01-08  10:36:47
ddos003
Time:2010-01-08  11:17:49 (apparently no more BGP traffic for AS)
ddos004
Time:2010-01-08  12:22:30
ddos005
Feedback are welcome.

No comments:

Post a Comment