DDoS Attacks Cause of Game Servers

clayton at haydel.org clayton at haydel.org
Thu Jan 31 07:41:04 UTC 2013


I see these type of reflection/amplification attacks pretty frequently. 
Some games (mostly older games) are exploitable in this manner.  The
attacker sends a short spoofed request, and the game server sends back a
huge chunk of data aimed at you.  The chances of you finding the actual
source are pretty slim.  Usually this type of attack is going to be coming
from / going to a specific port that you (or your upstream provider) can
ACL.


Clayton


> Hi everybody,
> Last two days I was under an interesting attack which comes from multiple
> sources to three of my ADSL users destination.
> The attack make router to ran out of CPU and we had to reload it to solve.
> I ask those three users and they said we are only game players and all of
> them were kids, I think they told the true, they told we are playing:
> http://intl.garena.com/
> Attacks takes only 20 or 30 minutes and it happens only 4 times in two
> days.
> I could'nt capture any packet but this is out put of my "show ip
> accounting" that time:
>
>    Source           Destination              Packets               Bytes
>  212.180.138.90   128.141.119.209                117             5148
>  135.62.255.246   128.141.119.209                117             5148
>  46.136.27.13     128.141.119.209                117               5148
>  25.181.84.74     128.141.119.209                117               5148
>  108.0.207.17     128.141.119.209                117               5148
>  181.95.89.1      128.141.119.209                117                5148
>  36.161.28.42     128.141.119.209                117               5148
>  39.130.139.157   128.141.119.209                117             5148
>  139.81.4.106     128.141.119.209                117               5148
>  3.229.28.78      128.141.119.209                117                5148
>  115.28.11.208    128.141.119.209                117               5148
>  206.42.151.199   128.141.119.209                117              5148
>  213.221.149.41   128.141.119.209                117              5148
>  81.203.234.196   128.140.109.209                117              5148
>  43.134.71.94     128.141.119.209                117                5148
>  157.69.74.39     128.141.119.209                117                5148
>  16.206.47.71     128.141.119.209                117                5148
>  77.25.17.243     128.141.119.209                117                5148
>
> If you have any information in this field and you can help me to find who
> is behind this, please share.
> Thanks
>
>
> --
> Regards,
> Shahab Vahabzadeh, Network Engineer and System Administrator
>
> Cell Phone: +1 (415) 871 0742
> PGP Key Fingerprint = 8E34 B335 D702 0CA7 5A81  C2EE 76A2 46C2 5367 BF90
>





More information about the NANOG mailing list