DDoS attack
Alain Hebert
ahebert at pubnix.net
Tue Dec 10 13:07:15 UTC 2019
<snarky remark> BCP38 <more snarky remarks>
After all this time and knowledge why people still think <source
ip> are legit evidence in DDoS instances...
-----
Alain Hebert ahebert at pubnix.net
PubNIX Inc.
50 boul. St-Charles
P.O. Box 26770 Beaconsfield, Quebec H9W 6G7
Tel: 514-990-5911 http://www.pubnix.net Fax: 514-990-9443
On 2019-12-09 15:15, Tim Požár wrote:
> This is lame. They should be able to view NAT translation tables or
> better yet have some method of watching flows.
>
> Tim
>
> On 12/9/19 12:11 PM, Christopher Morrow wrote:
>> I'd note that: "what prefixes?" isn't answered here... like: "what is
>> the thing on your network which is being attacked?"
>>
>> On Mon, Dec 9, 2019 at 3:08 PM ahmed.dalaali at hrins.net
>> <ahmed.dalaali at hrins.net> wrote:
>>> Dear All,
>>>
>>> My network is being flooded with UDP packets, Denial of Service attack, soucing from Cloud flare and Google IP Addresses, with 200-300 mbps minimum traffic, the destination in my network are IP prefixes that is currnetly not used but still getting traffic with high volume.
>>> The traffic is being generated with high intervals between 10-30 Minutes for each time, maxing to 800 mbps
>>> When reached out cloudflare support, they mentioned that there services are running on Nat so they can’t pin out which server is attacking based on ip address alone, as a single IP has more than 5000 server behind it, providing 1 source IP and UDP source port, didn’t help either
>>> Any suggestions?
>>>
>>> Regards,
>>> Ahmed Dala Ali
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20191210/4b3b1b5c/attachment.html>
More information about the NANOG
mailing list