nanog mailing list archives
Re: UDP port 80 DDoS attack
From: Keegan Holley <keegan.holley () sungard com>
Date: Wed, 8 Feb 2012 03:31:05 -0500
2012/2/8 George Bonser <gbonser () seven com>
-----Original Message-----
From: bas
Sent: Tuesday, February 07, 2012 11:56 PM
To: Dobbins, Roland; nanog
Subject: Re: UDP port 80 DDoS attack

Say eyeball provider X has implemented automated S/RTBH, and I have a grudge against them. I would simply DoS a couple of the subscribers *with spoofed source IP* addresses from google, youtube, netflow and hulu. The automated S/RTBH drops all packets coming from those IP addresses. Presto; many angry consumers call the ISP's helpdesk.

Comes back to providers allowing "spoofed" traffic into their networks from customers. That seems to me to be the low-hanging fruit here.

How do you stop it? Granted, traffic from 10/8 or 127.0.0.1 coming in via an upstream is obvious, but that's about it. There's nothing in a packet that will tell you where it came from compared to the source IP field in the IP header. uRPF is a problem for anyone who's sufficiently multihomed since it causes asymmetric routing.
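
The trade-off raised in this message, as an added example that is not part of the original thread: a small model of strict and loose uRPF on a multihomed router. The FIB, interface names and packets are constructed for illustration (documentation prefixes from RFC 5737), and the check follows the general strict/loose behaviour described in RFC 3704, not any vendor's implementation.

```python
import ipaddress

# Constructed FIB: prefix -> best-path interface (interface names are hypothetical).
FIB = {ipaddress.ip_network(p): i for p, i in {
    "198.51.100.0/24": "upstream_a",   # remote content network, best path via A
    "203.0.113.0/24": "upstream_b",
    "192.0.2.0/24": "customer_1",      # directly attached customer
}.items()}

def best_path(src):
    """Longest-prefix match on the source address; None if no route exists."""
    addr = ipaddress.ip_address(src)
    matches = [n for n in FIB if addr in n]
    if not matches:
        return None
    return FIB[max(matches, key=lambda n: n.prefixlen)]

def urpf_accepts(src, in_iface, mode):
    """strict: packet must arrive on the best-path interface to its source.
    loose: any route to the source is enough."""
    iface = best_path(src)
    if iface is None:
        return False              # no route back at all: both modes drop
    if mode == "loose":
        return True
    return iface == in_iface

# Constructed packets: (label, source IP, ingress interface)
PACKETS = [
    ("customer traffic, symmetric", "192.0.2.5", "customer_1"),
    ("legitimate, asymmetric return path", "198.51.100.10", "upstream_b"),
    ("spoofed routable source on customer port", "198.51.100.10", "customer_1"),
    ("unrouted private source", "10.1.1.1", "upstream_a"),
]

def evaluate():
    """Return {label: (strict_accepts, loose_accepts)} for every sample packet."""
    return {label: (urpf_accepts(s, i, "strict"), urpf_accepts(s, i, "loose"))
            for label, s, i in PACKETS}

if __name__ == "__main__":
    for label, (strict, loose) in evaluate().items():
        print(f"{label:45} strict={'pass' if strict else 'drop'} "
              f"loose={'pass' if loose else 'drop'}")
```

Strict mode drops the spoofed packet but also the legitimate asymmetric one; loose mode passes both, so only the unrouted source is caught in either mode.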