DDoS - CoD?
Dobbins, Roland
rdobbins at arbor.net
Tue Sep 6 08:00:45 UTC 2011
On Sep 6, 2011, at 2:53 PM, BH wrote:
> Has anyone seen similar traffic before? I
I've seen DDoS traffic on UDP/80 as far back as 2002 - the miscreants often don't know a lot about TCP/IP, and if something happens to work once, they incorporate it into their attack tool defaults and keep using it over and over.
In several recent high-profile DDoS attacks, UDP/80 traffic ended up causing state exhaustion on load-balancers, as the victim sites weren't following the BCP of enforcing network access policies via stateless ACLs in hardware-based routers/layer-3 switches, and the load-balancers kept trying to load-balance this traffic from multiple purported source IPs/source ports.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
The basis of optimism is sheer terror.
-- Oscar Wilde
More information about the NANOG
mailing list