nanog mailing list archives
TCP-AMP DDoS Attack - Fake abuse reports problem
From: "Octolus Development" <admin () octolus net>
Date: Thu, 20 Feb 2020 23:17:45 +0100
A very old attack method called TCP-AMP ( https://pastebin.com/jYhWdgHn ) has been getting really popular recently. I've been a victim of it multiple times on many of my IPs, and every time it happens my IPs end up getting blacklisted in major big databases. We also receive tons of abuse reports for "Port Scanning".

Example of the reports we're getting:

tcp: 51.81.XX.XX:19342 -> 209.208.XX.XX:80 (SYN_RECV)
tcp: 51.81.XX.XX:14066 -> 209.208.XX.XX:80 (SYN_RECV)

OVH are threatening to kick us off their network because we are victims of this attack, and are requesting us to do something about it, despite the fact that there is nothing you can do when you are the victim of a DDoS attack.

Anyone else had any problems with these kinds of attacks?

The attack basically works like this:
- The attacker scans the internet for TCP services, i.e. port 80.
- The attacker then sends spoofed requests from our IP to these TCP services, which makes the remote service attempt to connect to us to initiate the handshake. This clearly fails.
...
Which ends up with hundreds of requests to these services, reporting us for "port flood".
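An added example, not part of the original post: a triage heuristic that the recipient of such connection-table lines could run before filing or acting on a "port scanning" report. It parses the line format quoted above and separates a source that touches many ports from one that only piles up half-open handshakes on a single service. The thresholds, the verdict labels and the sample addresses are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Line format as quoted in the post: "tcp: SRC:SPORT -> DST:DPORT (STATE)"
LINE_RE = re.compile(
    r"tcp:\s+(?P<src>[\w.]+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>[\w.]+):(?P<dport>\d+)\s+\((?P<state>\w+)\)"
)

def parse(lines):
    """Yield (src, sport, dst, dport, state) for lines matching the format."""
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            yield (m["src"], int(m["sport"]), m["dst"], int(m["dport"]), m["state"])

def classify(lines, min_half_open=5):
    """Label each reported source. Thresholds are assumptions for illustration."""
    by_src = defaultdict(list)
    for src, sport, dst, dport, state in parse(lines):
        by_src[src].append((sport, dst, dport, state))
    verdicts = {}
    for src, rows in by_src.items():
        targets = {(dst, dport) for _, dst, dport, _ in rows}
        half_open = [r for r in rows if r[3] == "SYN_RECV"]
        if len(targets) > 1 and len(targets) >= len(rows) // 2:
            # Many distinct destinations or ports: what a scan looks like.
            verdicts[src] = "scan-like"
        elif len(half_open) >= min_half_open and len(targets) == 1:
            # Repeated never-completed handshakes against one service:
            # consistent with the reported source address being spoofed.
            verdicts[src] = "possible-spoofed-reflection"
        else:
            verdicts[src] = "inconclusive"
    return verdicts

# Constructed sample input (documentation address ranges, not real reports).
SAMPLE = [f"tcp: 192.0.2.10:{20000 + i} -> 198.51.100.5:80 (SYN_RECV)" for i in range(8)]
SAMPLE += [f"tcp: 192.0.2.77:40000 -> 198.51.100.5:{p} (SYN_RECV)" for p in (21, 22, 23, 25, 80, 443)]
SAMPLE += ["tcp: 192.0.2.99:51000 -> 198.51.100.5:80 (ESTABLISHED)"]

if __name__ == "__main__":
    for src, verdict in classify(SAMPLE).items():
        print(src, verdict)
```

A "possible-spoofed-reflection" verdict is a prompt to check for completed handshakes or application-layer requests from that source before reporting it, not proof of spoofing.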