really nasty attacks
Stephane Bortzmeyer
bortzmeyer at nic.fr
Thu Sep 27 15:34:08 UTC 2012
On Thu, Sep 27, 2012 at 08:55:58AM -0600,
Miguel Mata <mmata at intercom.com.sv> wrote
a message of 30 lines which said:
> Guys,
No gals on NANOG?
> The attacks comes from various sites from the other side of the pond
> (46.165.197.xx, 213.152.180.yy).
How can you be sure? With UDP, you have zero guarantee on the source
IP address. (Checking the TTL can give you a hint if the packets
really come from the same point.)
Source and destination port? If source port is 53, it may means you're
the target of a DNS reflection+amplification attack, a la CloudFlare
<http://blog.cloudflare.com/65gbps-ddos-no-problem>.
More information about the NANOG
mailing list