DDoS Attacks Cause of Game Servers
Fredrik Holmqvist / I2B
fredrik at i2b.se
Thu Jan 31 09:59:00 UTC 2013
The IPs you see are the exploited gameservers, so "just" contact them,
and send them the link below.
There is a workaround for it:
We have had problems with this in the past. Usually we get "abuse
complaints" from the admin of the game server(s) claiming one of our
customers is DDoSing them, when in fact their servers are used to DDoS
After explaining how the DDoS works and sending them the link above,
they fix the problem on their side.
We have also tried to send abuse messages to the ISPs of the exploited
servers, and can't say that we are pleased with the response: the small
ISPs responded and took care of the issue (talked with their customers),
most big ones didn't even send an ACK back.
When this attack type was used (1+ year ago) we had approx. 3.5 Gbit
coming from the gameservers.
On 2013-01-31 07:02, Stephane Bortzmeyer wrote:
> On Thu, Jan 31, 2013 at 11:23:11AM +0330,
> Shahab Vahabzadeh <sh.vahabzadeh at gmail.com> wrote
> a message of 55 lines which said:
>> Those IP addresses I sent were only a sample, it's 5 pages :D and not
>> only those addresses.
> Because the attacker attacks when they have a new opponent. They DoS
> it long enough to win a race, then start a new fight in the game.
>> And you are looking to target 128.141.X.Y, it's mine and I change it
>> of mailing list, maybe attackers are here.
>> You must check the sources not destination.
> What Jeroen said is that source IP addresses are spoofed (which is
> common with UDP-based protocols such as the DNS). They are the
> victim's addresses, not the attacker's.
I2B (Internet 2 Business)