UDP port 80 DDoS attack
kilobit at gmail.com
Wed Feb 8 07:56:25 UTC 2012
On Mon, Feb 6, 2012 at 2:43 AM, Dobbins, Roland <rdobbins at arbor.net> wrote:
> S/RTBH can be rapidly shifted in order to deal with changing purported source IPs, and it isn't limited to /32s.
The big drawback with S/RTBH is that it is a DoS method in itself.
Say eyeball provider X has implemented automated S/RTBH, and I have a
grudge against them.
I would simply DoS a couple of the subscribers with spoofed source IP
addresses from google, youtube, netflow and hulu.
The automated S/RTBH drops all packets coming from those IP addresses.
Presto; many angry consumers call the ISP's helpdesk.
The same goes for hosting networks, I just need to identify what kind
of service my intended victim is dependent on. (i.e. paypal).
Then DoS any part of the hosters network with spoofed source addresses
of paypal, the automated S/RTBH makes sure the entire hosting network
is not able to reach paypal anymore.
Presto, mission achieved.
More information about the NANOG