DDoS - CoD?

Alexander Harrowell a.harrowell at gmail.com
Tue Sep 6 10:10:22 UTC 2011


On Tuesday 06 Sep 2011 09:14:26 Greg Chalmers wrote:
> Could be legitimate CoD servers responding to a spoofed query?

My first thought looking at the packet dump. Interesting that some poor 
sap's hotmail address is embedded in it.

> How much
> traffic are you talking about out of curiosity?
> 
> Regards
> Greg
> 
> 
> On Tue, Sep 6, 2011 at 6:03 PM, BH <lists at blackhat.bz> wrote:
> 
> > On 6/09/2011 4:00 PM, Dobbins, Roland wrote:
> > > I've seen DDoS traffic on UDP/80 as far back as 2002
> > Hi Roland,
> >
> > I should be a bit more clear sorry, I too have frequently seen 
attacks
> > on 80/udp but mainly as a source (eg. compromised hosting accounts)
> > rather than the destination. I didn't in the past do a packet 
capture,
> > but I lookes at a couple of scripts and the data was usually randm 
or
> > just AAAAAA etc. The thing that perplexed me is why it appears to be
> > Call of Duty data more than anything...
> >
> > Thanks
> >
> >
> 

-- 
The only thing worse than e-mail disclaimers...is people who send e-mail 
to lists complaining about them
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20110906/fc467073/attachment.sig>


More information about the NANOG mailing list