DDoS Attacks Cause of Game Servers
clayton at haydel.org
clayton at haydel.org
Thu Jan 31 07:41:04 UTC 2013
I see these type of reflection/amplification attacks pretty frequently.
Some games (mostly older games) are exploitable in this manner. The
attacker sends a short spoofed request, and the game server sends back a
huge chunk of data aimed at you. The chances of you finding the actual
source are pretty slim. Usually this type of attack is going to be coming
from / going to a specific port that you (or your upstream provider) can
ACL.
Clayton
> Hi everybody,
> Last two days I was under an interesting attack which comes from multiple
> sources to three of my ADSL users destination.
> The attack make router to ran out of CPU and we had to reload it to solve.
> I ask those three users and they said we are only game players and all of
> them were kids, I think they told the true, they told we are playing:
> http://intl.garena.com/
> Attacks takes only 20 or 30 minutes and it happens only 4 times in two
> days.
> I could'nt capture any packet but this is out put of my "show ip
> accounting" that time:
>
> Source Destination Packets Bytes
> 212.180.138.90 128.141.119.209 117 5148
> 135.62.255.246 128.141.119.209 117 5148
> 46.136.27.13 128.141.119.209 117 5148
> 25.181.84.74 128.141.119.209 117 5148
> 108.0.207.17 128.141.119.209 117 5148
> 181.95.89.1 128.141.119.209 117 5148
> 36.161.28.42 128.141.119.209 117 5148
> 39.130.139.157 128.141.119.209 117 5148
> 139.81.4.106 128.141.119.209 117 5148
> 3.229.28.78 128.141.119.209 117 5148
> 115.28.11.208 128.141.119.209 117 5148
> 206.42.151.199 128.141.119.209 117 5148
> 213.221.149.41 128.141.119.209 117 5148
> 81.203.234.196 128.140.109.209 117 5148
> 43.134.71.94 128.141.119.209 117 5148
> 157.69.74.39 128.141.119.209 117 5148
> 16.206.47.71 128.141.119.209 117 5148
> 77.25.17.243 128.141.119.209 117 5148
>
> If you have any information in this field and you can help me to find who
> is behind this, please share.
> Thanks
>
>
> --
> Regards,
> Shahab Vahabzadeh, Network Engineer and System Administrator
>
> Cell Phone: +1 (415) 871 0742
> PGP Key Fingerprint = 8E34 B335 D702 0CA7 5A81 C2EE 76A2 46C2 5367 BF90
>
More information about the NANOG
mailing list