
At about 17:40 EDT today we started seeing traffic from planet-lab.org
nodes at 25+ US universities, all directed at one of our hosting boxes.
It's all ICMP and high port UDP stuff. Nothing terrible from what we can
tell, but it's triggering a constant stream of IDS alerts and auto-blocks.
Not easy to configure for since the traffic originates from subnets all
over the place, and the list of originating nodes is growing every few
minutes.

It's horribly annoying, and trying to determine the source using the tools
provided on the site is pretty much impossible as the search
tool returns nothing at all times. Yes, we've opened a ticket with already.

Has anyone else had to deal with this, or is anyone connected to that
particular project listening? I'm all for academic projects, but the
approach here is rubbing me the wrong way.

> Has anyone else had to deal with this, or is anyone connected to that

People get DoS'd (or think they do, not you in this case) regularly.

> particular project listening? I'm all for academic projects, but the
> approach here is rubbing me the wrong way.

Normally their support arm had been helpful... in the past at least
I'd gotten responses :(

In fairness to the PlanetLab folks, I did get a response to my original
ticket and someone from NANOG also contacted me after my post. I do
appreciate that.

I will repeat that the traffic is not malicious, but it might be a more
friendly policy to allow network operators to automatically opt-out of that
environment if desired. Since we have some semblance of clue it was
obvious within 30 seconds that this was an academic research network at
play, and only took another 15 seconds to figure out that it was PlanetLab,
so just let me add my subnets to a database which then prevents the "uber
cluster" from including those subnets when generating experimental traffic.
Another option might be to clearly state which prefixes the traffic may
originate from so operators can filter accordingly. The cluster is pretty
widespread so I realize that might not be very practical.

Simply assuming that we won't mind having PlanetLab researchers using our
assets as a lab isn't terribly cool.