really nasty attacks

Stephane Bortzmeyer bortzmeyer at nic.fr
Thu Sep 27 15:34:08 UTC 2012


On Thu, Sep 27, 2012 at 08:55:58AM -0600,
 Miguel Mata <mmata at intercom.com.sv> wrote 
 a message of 30 lines which said:

> Guys,

No gals on NANOG?
 
> The attacks comes from various sites from the other side of the pond
> (46.165.197.xx, 213.152.180.yy).

How can you be sure? With UDP, you have zero guarantee on the source
IP address. (Checking the TTL can give you a hint if the packets
really come from the same point.)

Source and destination port? If source port is 53, it may means you're
the target of a DNS reflection+amplification attack, a la CloudFlare
<http://blog.cloudflare.com/65gbps-ddos-no-problem>.





More information about the NANOG mailing list