DDoS - CoD? - Activision contact
lists at blackhat.bz
Tue Sep 6 13:02:37 UTC 2011
Looking around, I believe the issue is that the IP has ended up on a
master game list, so we are now getting the queries directed at US.
For anyone interested, there seems to be some info here:
With the packet capture I have and the symptoms looking very alike the
example in my original email.
I found an earlier example as well with similar symptoms:
Is there anyone from Activision on the list or does anyone have an
Activision contact? Replies off list welcome, I can provide more details
On 6/09/2011 6:10 PM, Alexander Harrowell wrote:
> On Tuesday 06 Sep 2011 09:14:26 Greg Chalmers wrote:
>> Could be legitimate CoD servers responding to a spoofed query?
> My first thought looking at the packet dump. Interesting that some poor
> sap's hotmail address is embedded in it.
>> How much
>> traffic are you talking about out of curiosity?
>> On Tue, Sep 6, 2011 at 6:03 PM, BH<lists at blackhat.bz> wrote:
>>> On 6/09/2011 4:00 PM, Dobbins, Roland wrote:
>>>> I've seen DDoS traffic on UDP/80 as far back as 2002
>>> Hi Roland,
>>> I should be a bit more clear sorry, I too have frequently seen
>>> on 80/udp but mainly as a source (eg. compromised hosting accounts)
>>> rather than the destination. I didn't in the past do a packet
>>> but I lookes at a couple of scripts and the data was usually randm
>>> just AAAAAA etc. The thing that perplexed me is why it appears to be
>>> Call of Duty data more than anything...
More information about the NANOG