Here's a sorted list of the networks used to attack FDT (pulled from my
1.5mb of tcpdump data which was just a brief sample of the data from our
attack Sunday. If any of them belong to you, shame on you.
You are being hit through Sprint Canada. Four /30's from this class c
are the addresses assigned to the 4 T1's we have with Sprint Canada.
What specific addresses on this net hit you? We do source address
filtering, and do not permit packets to leave our net which do not
have source addresses on our nets.
Having said that, the /30's I am concerned about do not appear
anywhere but our core router. If your attack is coming from there,
then I would likely to know what the h*ll our router is doing
sending those packets, and who the h*ll has that kind of access
to our router that we don't know about.
Please confirm the actual source IP's on the 207.107.244 network.
I also know of a Toronto ISP who has a /30 from this network for
their link to Sprint Canada.