DDoS - CoD? - Activision contact

BH lists at blackhat.bz
Tue Sep 6 08:02:37 CDT 2011


Looking around, I believe the issue is that the IP has ended up on a 
master game list, so we are now getting the queries directed at US.

For anyone interested, there seems to be some info here:

http://forums.steampowered.com/forums/showthread.php?t=1670090

With the packet capture I have and the symptoms looking very alike the 
example in my original email.

I found an earlier example as well with similar symptoms:
http://forums.srcds.com/viewtopic/15737

Is there anyone from Activision on the list or does anyone have an 
Activision contact? Replies off list welcome, I can provide more details 
there.


On 6/09/2011 6:10 PM, Alexander Harrowell wrote:
> On Tuesday 06 Sep 2011 09:14:26 Greg Chalmers wrote:
>> Could be legitimate CoD servers responding to a spoofed query?
>
> My first thought looking at the packet dump. Interesting that some poor
> sap's hotmail address is embedded in it.
>
>> How much
>> traffic are you talking about out of curiosity?
>>
>> Regards
>> Greg
>>
>>
>> On Tue, Sep 6, 2011 at 6:03 PM, BH<lists at blackhat.bz>  wrote:
>>
>>> On 6/09/2011 4:00 PM, Dobbins, Roland wrote:
>>>> I've seen DDoS traffic on UDP/80 as far back as 2002
>>> Hi Roland,
>>>
>>> I should be a bit more clear sorry, I too have frequently seen
> attacks
>>> on 80/udp but mainly as a source (eg. compromised hosting accounts)
>>> rather than the destination. I didn't in the past do a packet
> capture,
>>> but I lookes at a couple of scripts and the data was usually randm
> or
>>> just AAAAAA etc. The thing that perplexed me is why it appears to be
>>> Call of Duty data more than anything...
>>>
>>> Thanks
>>>
>>>
>>
>





More information about the NANOG mailing list