Dear NOC /Nanog,
We (Swisscom, AS3303) have a customer that is being attacked for about 5 days now. It is a DOS attack with spoofed source IP addresses. The destination network is:
22.214.171.124/16 , as-path 3303 8437 5603 2610
The attack is (at least !) 100Mb/s, and is coming from different peers. Yesterday it was on our peerings with AS7018 and AS6453 in Palo-Alto, today seems to be more on the AADS in Chicago.
I applied the following packet filter (access-list 19 below) to all our external links, and there is a huge amount of packet with those source IP coming in. Although we drop these packets at our ingress, may i ask everyone peering with us (and others if you feel concerned) to configure that packet filter in output ?
Thanks a lot for your help (or feedback if you are also experiencing such problems) and have a nice day