UDP port 80 DDoS attack

Keegan Holley keegan.holley at sungard.com
Mon Feb 6 00:21:51 UTC 2012


There aren't very many ways to combat DDoS.  That's why it's so popular.
Some ISPs partner with a company that offers a tunnel-based scrubbing
service where they DPI all your traffic before they send it to you.  If you
only have a few upstreams it may be helpful to you.  I spoke to them last
year but we have too many links and too many blocks to use it.  I think the
name of the company was Prolexic.  They're also a L3 VAR if you have L3
links.  There isn't a lot of BGP (AFAIK) magic that doesn't involve cutting
someone off to save the rest of your customers.

2012/2/5 Ray Gasnick III <rgasnick at milestechnologies.com>

> We just saw a huge flux of traffic occur this morning that spiked one of
> our upstream ISP's gear and killed the layer 2 link on another because of a
> DDoS attack on UDP port 80.
>
>
>
> Wireshark shows this appears to be from a compromised game server (Call of
> Duty) with source IPs in a variety of different prefixes.
>
>
>
> Only solution thus far was to dump the victim IP address in our block into
> the BGP Black hole community with one of our 2 providers and completely
> stop advertising to the other.
>
>
>
> Anybody see this recently and have any tips on mitigation,  reply on or
> off list.
>
>
>
> Thank You,
>
> Ray Gasnick III
> CISSP, Technology Specialist: Network Security & Infrastructure
> Miles Technologies
> www.milestechnologies.com
>
> Phone: (856) 439-0999 x127
> Direct: (856) 793-3821
> How am I doing?  Email my manager at itmanager at milestechnologies.com
>
> Computer Networking – IT Support – Business Software – Website Design –
> Online Marketing & PR
>
>
>
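
An added illustration, not part of either message and not code from the posters: a Python example that picks out, from flow records, a destination receiving UDP port 80 traffic from many distinct source prefixes, which is the address one would consider for the blackhole announcement described in the quoted message. The flow tuple layout, the thresholds and all addresses are assumptions constructed for the example; the blackhole community value is provider-specific and is not given in the thread.

```python
import ipaddress
from collections import defaultdict

UDP = 17  # IANA protocol number for UDP

# Constructed flow records: (src_ip, dst_ip, ip_protocol, dst_port, bytes).
# Addresses come from documentation/benchmark ranges, not from the incident.
FLOWS = [
    ("198.18.1.5",    "192.0.2.10", 17, 80, 900_000),
    ("198.18.77.9",   "192.0.2.10", 17, 80, 850_000),
    ("198.19.3.200",  "192.0.2.10", 17, 80, 910_000),
    ("198.19.140.12", "192.0.2.10", 17, 80, 880_000),
    ("203.0.113.50",  "192.0.2.10", 17, 80, 870_000),
    ("198.51.100.7",  "192.0.2.10", 6,  80, 40_000),   # normal HTTP over TCP
    ("198.51.100.7",  "192.0.2.20", 6,  80, 55_000),   # normal HTTP over TCP
    ("198.18.1.5",    "192.0.2.20", 17, 80, 1_200),    # single stray UDP/80 flow
    ("203.0.113.50",  "192.0.2.30", 17, 53, 300),      # DNS, different port
]

def udp80_flood_targets(flows, min_src_prefixes=4, min_bytes=1_000_000):
    """Return destinations receiving UDP/80 from many distinct source /24s."""
    src_prefixes = defaultdict(set)
    volume = defaultdict(int)
    for src, dst, proto, dport, nbytes in flows:
        if proto != UDP or dport != 80:
            continue  # HTTP runs over TCP; UDP to port 80 is what stands out
        net = ipaddress.ip_network(f"{src}/24", strict=False)
        src_prefixes[dst].add(net)
        volume[dst] += nbytes
    return sorted(
        dst for dst in volume
        if len(src_prefixes[dst]) >= min_src_prefixes and volume[dst] >= min_bytes
    )

def blackhole_candidates(flows, **thresholds):
    """Host routes (/32) to tag with the upstream's blackhole community."""
    return [f"{dst}/32" for dst in udp80_flood_targets(flows, **thresholds)]

if __name__ == "__main__":
    for route in blackhole_candidates(FLOWS):
        print("candidate for blackhole announcement:", route)
```

Requiring both a byte threshold and several distinct source prefixes keeps a single stray UDP/80 flow from nominating an address for blackholing.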


