DDoS - CoD? - Activision contact

BH lists at blackhat.bz
Tue Sep 6 13:02:37 UTC 2011

Looking around, I believe the issue is that the IP has ended up on a 
master game list, so we are now getting the queries directed at US.

For anyone interested, there seems to be some info here:


With the packet capture I have and the symptoms looking very alike the 
example in my original email.

I found an earlier example as well with similar symptoms:

Is there anyone from Activision on the list or does anyone have an 
Activision contact? Replies off list welcome, I can provide more details 

On 6/09/2011 6:10 PM, Alexander Harrowell wrote:
> On Tuesday 06 Sep 2011 09:14:26 Greg Chalmers wrote:
>> Could be legitimate CoD servers responding to a spoofed query?
> My first thought looking at the packet dump. Interesting that some poor
> sap's hotmail address is embedded in it.
>> How much
>> traffic are you talking about out of curiosity?
>> Regards
>> Greg
>> On Tue, Sep 6, 2011 at 6:03 PM, BH<lists at blackhat.bz>  wrote:
>>> On 6/09/2011 4:00 PM, Dobbins, Roland wrote:
>>>> I've seen DDoS traffic on UDP/80 as far back as 2002
>>> Hi Roland,
>>> I should be a bit more clear sorry, I too have frequently seen attacks
>>> on 80/udp but mainly as a source (eg. compromised hosting accounts)
>>> rather than the destination. I didn't in the past do a packet capture,
>>> but I looked at a couple of scripts and the data was usually random or
>>> just AAAAAA etc. The thing that perplexed me is why it appears to be
>>> Call of Duty data more than anything...
>>> Thanks
