Profile

Cover photo
56 followers|2,996 views
AboutPosts

Stream

LG

Shared publicly  - 
 
http://lg.version6.net/ may have higher load than normal due some DDoS attack.

It is not yet clear what is the point of this DDoS and it is blocked from web server but it still generates good amount of additional server load. The request flood comes from random IP addresses which change over time and therefore simple firewall in server side does not work. We are looking for some IDS setup right now for that.

If anyone is interested in how these queries look like then here is on example. All requests are the same with two different router names. Here is how it looks like:

95.62.21.82 - - [15/Apr/2012:09:22:48 +0000] "OPTIONS /?query=trace&protocol=IPv4&addr=50.61.234.168&router=r9-Tln-Linx HTTP/1.1" 302 363 "hxxp://www.hiogo. com/files/jsql/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.162 Safari/535.19"

I changed referer link to avoid hyperlinking here. This is actually normal HTTP URL to the nonexisting location.

Has anyone seen such "OPTIONS" requests before?´╗┐
1
Add a comment...

LG

Shared publicly  - 
1
Add a comment...
Have them in circles
56 people

LG

Shared publicly  - 
 
Try this LG to see the latest features´╗┐
1
Add a comment...
People
Have them in circles
56 people
Story
Tagline
Looking Glass - online BGP information
Introduction
LG is a Looking Glass written in Perl as a CGI script. It can execute almost all BGP-related commands and do ping and traceroute in routers or relay these queries to other looking glasses. It supports both IPv4 and IPv6 commands, and is tested with Cisco IOS, Zebra/Quagga, and Juniper JUNOS. It can connect to a router using SSH, telnet or rsh.