UDP port 80 DDoS attack

• Previous message (by thread): UDP port 80 DDoS attack
• Next message (by thread): UDP port 80 DDoS attack
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, Feb 05, 2012 at 06:36:13PM -0500, Ray Gasnick III wrote:
> We just saw a huge flux of traffic occur this morning that spiked one of
> our upstream ISPs gear and killed the layer 2 link on another becuase of a
> DDoS attack on UDP port 80.

Yep, we've got a customer who's been hit with it a couple of times (5Gbps
the first time, 3Gbps the second).  For hysterical raisins, we don't
actually control the network for this particular customer, but the network
provider did pretty much what you did -- blackholed the victim IP.  We've
mitigated the problem by using a full-time traffic-scrubbing service -- the
hope is that the scrubbing service will pay for all the traffic and only the
good stuff will get through.  Only time will tell if it works.  We also had
to renumber the customer, as the attacks were obviously remembering the old
IP and still knocking it off the network even after the DNS was repointed at
the scrubbing service.

- Matt

-- 
"I'm tempted to try Gentoo, but then I learned that its installer is in
Python, and, well, a base Python install on my system is something like
fifty megabytes (for what?  oh, right, we NEED four XML libraries, I
forgot)."  -- Dave Brown, ASR

• Previous message (by thread): UDP port 80 DDoS attack
• Next message (by thread): UDP port 80 DDoS attack
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]