DDoS Attacks Cause of Game Servers

Fredrik Holmqvist / I2B fredrik at i2b.se
Thu Jan 31 09:59:00 UTC 2013


The IPs you see is the exploited gameservers, so "just" contact them, 
and send them the link below.

There is a workaround for it:

We have had problem with this in the past. Usually we get "abuse 
complaints" from the admin of the game server(s) claiming one of our 
customers is DDoSing them, when in fact their servers are used to DDoS 
our customer(s).
After explaining how the DDoS works and sending them the link above, 
they fix the problem on their side.

We have also tried to send abuse messages to the ISPs of the exploited 
servers, and can't say that we are pleased with the response, the small 
ISPs responded and took care of the issue (talked with their customers), 
most big ones didn't even send a ACK back.
When this attack type was used (1+ year ago) we had aprox 3.5 Gbit 
coming from the gameservers.

On 2013-01-31 07:02, Stephane Bortzmeyer wrote:
> On Thu, Jan 31, 2013 at 11:23:11AM +0330,
>  Shahab Vahabzadeh <sh.vahabzadeh at gmail.com> wrote
>  a message of 55 lines which said:
>> Those ip addresses I send were only sample, its 5 page :D and not
>> only those addresses.
> Because the attacker attacks when they have a new opponent. They DoS
> it long enough to win a race, then start a new fight in the game.
>> And you are looking to target 128.141.X.Y its mine and I change it 
>> because
>> of mailing list, maybe attackers are here.
>> You must check the sources not destination.
> What Jeroen said is that source IP addresses are spoofed (which is
> common with UDP-based protocols such as the DNS). They are the
> victim's addresses, not the attacker's.

Fredrik Holmqvist
I2B (Internet 2 Business)
070-740 5033

More information about the NANOG mailing list