Retaliatory DDoS

bzs at theworld.com
Tue Feb 9 00:01:49 UTC 2021


I notice I often get DDoS'd when I post here, to NANOG, usually w/in
2-3 hours, so owing to this note it'll probably happen again tonight!

The typical attack is some mixture of DNS whacking from dozens or
hundreds of hosts, plus usually UDP packets being flung at basically
round-robin ports (udp port 13577, udp port 13578, ...) generating a
lot of ICMP unreachables again from hundreds of hosts no doubt all
phony.

I block it so it's not usually a big big deal other than a brief time
waste as I kick in autoblocking I wouldn't want to run all the time,
but I can see it on, for example, MRTG: traffic spikes to as much as 10x
what I might expect at that time of day.

This is a rough neighborhood.

  "Who steals my bandwidth steals trash"
    -- William Shakespeare the XIIth

-- 
        -Barry Shein

Software Tool & Die    | bzs at TheWorld.com             | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD       | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*
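
An added example, not part of the original post: one way to spot the UDP pattern described above (many sources walking consecutive destination ports such as 13577, 13578, ...) in flow records. The record layout, thresholds, function names and sample data are all assumptions constructed for illustration.

```python
from collections import defaultdict

def make_sample():
    """Constructed flow records (ts_seconds, src_ip, proto, dst_port).
    Addresses come from documentation ranges; this is not real traffic."""
    flows = []
    # Sweep: 40 sources, each hitting the next UDP port up from 13577
    for i in range(40):
        flows.append((120 + i, f"198.51.100.{i + 1}", "udp", 13577 + i))
    # Background: ordinary DNS/NTP traffic from a handful of hosts
    for i in range(30):
        flows.append((120 + i, f"192.0.2.{i % 5 + 1}", "udp", 53 if i % 2 else 123))
    return flows

def consecutive_runs(ports):
    """Return (start, end) for each maximal run of consecutive port numbers."""
    runs, start, prev = [], None, None
    for p in sorted(ports):
        if prev is None or p != prev + 1:
            if start is not None:
                runs.append((start, prev))
            start = p
        prev = p
    if start is not None:
        runs.append((start, prev))
    return runs

def detect_sweep(flows, window=60, min_run=16, min_sources=10):
    """Flag windows where many sources hit a long consecutive UDP port range.
    window, min_run and min_sources are assumed thresholds; tune to a baseline."""
    buckets = defaultdict(lambda: defaultdict(set))  # window -> port -> sources
    for ts, src, proto, dport in flows:
        if proto == "udp":
            buckets[ts // window][dport].add(src)
    alerts = []
    for w, ports in sorted(buckets.items()):
        for lo, hi in consecutive_runs(ports):
            sources = set().union(*(ports[p] for p in range(lo, hi + 1)))
            if hi - lo + 1 >= min_run and len(sources) >= min_sources:
                alerts.append({"window_start": w * window, "ports": (lo, hi),
                               "sources": len(sources)})
    return alerts

if __name__ == "__main__":
    for alert in detect_sweep(make_sample()):
        print(alert)
```

Because the sources in such floods are likely spoofed, the alert is more useful for triggering a temporary port-range or rate-limit rule than for per-source blocking.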

