Retalitory DDoS

bzs at bzs at
Tue Feb 9 00:01:49 UTC 2021

I notice I often get DDoS'd when I post here, to NANOG, usually w/in
2-3 hours, so owing to this note it'll probably happen again tonight!

The typical attack is some mixture of DNS whacking from dozens or
hundreds of hosts, plus usually UDP packets being flung at basically
round-robin ports (udp port 13577, udp port 13578, ...) generating a
lot of ICMP unreachables again from hundreds of hosts no doubt all

I block it so it's not usually a big big deal other than a brief time
waste as I kick in autoblocking I wouldn't want to run all the time
but I can see it on for example MRTG, traffic spikes to as much as 10x
what I might expect at that time of day.

This is a rough neighborhood.

  "Who steals my bandwidth steals trash"
    -- William Shakespeare the XIIth

        -Barry Shein

Software Tool & Die    | bzs at             |
Purveyors to the Trade | Voice: +1 617-STD-WRLD       | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*

More information about the NANOG mailing list