DDoS attack

Filip Hruska fhr at fhrnet.eu
Mon Dec 9 20:15:39 UTC 2019


Hello, 

Which attack protocol are you seeing? I suspect you're seeing DNS-based amplification or similar, in which case you can't really pinpoint the attack source...

800Mbps is not a whole lot of traffic - does it cause any disruptions to you? If the prefixes are not in use, I would suggest the use of RTBH (null routing / blackholing).

Kind Regards, 
Filip Hruska



On 9 December 2019 9:07:35 pm GMT+01:00, "ahmed.dalaali at hrins.net" <ahmed.dalaali at hrins.net> wrote:
>Dear All, 
>
>My network is being flooded with UDP packets, Denial of Service attack,
>sourcing from Cloudflare and Google IP Addresses, with 200-300 mbps
>minimum traffic, the destination in my network are IP prefixes that are
>currently not used but still getting traffic with high volume.
>The traffic is being generated with high intervals between 10-30
>Minutes for each time, maxing to 800 mbps
>When reached out to Cloudflare support, they mentioned that their services
>are running on NAT so they can’t pin out which server is attacking
>based on IP address alone, as a single IP has more than 5000 servers
>behind it, providing 1 source IP and UDP source port, didn’t help
>either
>Any suggestions?
>
>Regards, 
>Ahmed Dala Ali 

-- 
Sent from my mobile device. Please excuse my brevity.
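
Added example, not part of either message above: a triage sketch for the two points raised in the reply, identifying the likely reflection protocol from UDP source ports and listing destinations inside unused prefixes as RTBH candidates. The flow records, the unused prefix (documentation address ranges) and the byte threshold are constructed assumptions; the function names are hypothetical.

```python
import ipaddress
from collections import defaultdict

# UDP source ports commonly seen on reflected/amplified traffic.
REFLECTION_PORTS = {53: "DNS", 123: "NTP", 389: "CLDAP",
                    1900: "SSDP", 11211: "memcached"}

# Assumption: a prefix the operator holds but does not use.
UNUSED_PREFIXES = [ipaddress.ip_network("203.0.113.0/24")]

# Constructed flow records: (src_ip, udp_src_port, dst_ip, bytes)
SAMPLE_FLOWS = [
    ("192.0.2.10", 53, "203.0.113.7", 4_000_000),
    ("192.0.2.11", 53, "203.0.113.7", 3_500_000),
    ("192.0.2.12", 53, "203.0.113.9", 2_000_000),
    ("192.0.2.13", 123, "203.0.113.9", 500_000),
    ("192.0.2.14", 40000, "198.51.100.5", 20_000),
]


def protocol_breakdown(flows):
    """Sum bytes per suspected reflection protocol, keyed on UDP source port."""
    totals = defaultdict(int)
    for _src, sport, _dst, nbytes in flows:
        totals[REFLECTION_PORTS.get(sport, "other")] += nbytes
    return dict(totals)


def rtbh_candidates(flows, unused, min_bytes=1_000_000):
    """Return /32s inside unused prefixes that received at least min_bytes.

    Only unused space is considered, so blackholing these destinations
    drops attack traffic without affecting any live service.
    """
    per_dst = defaultdict(int)
    for _src, _sport, dst, nbytes in flows:
        addr = ipaddress.ip_address(dst)
        if any(addr in net for net in unused):
            per_dst[addr] += nbytes
    hits = sorted(a for a, total in per_dst.items() if total >= min_bytes)
    return [f"{a}/32" for a in hits]


if __name__ == "__main__":
    print(protocol_breakdown(SAMPLE_FLOWS))
    print(rtbh_candidates(SAMPLE_FLOWS, UNUSED_PREFIXES))
```

The source addresses in reflected traffic belong to the reflectors, not the attacker, so the breakdown identifies the abused protocol rather than the origin.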