nanog mailing list archives

Re: DDoS - CoD? - Activision contact


From: BH <lists () blackhat bz>
Date: Tue, 06 Sep 2011 21:02:37 +0800

Looking around, I believe the issue is that the IP has ended up on a master game list, so we are now getting the queries directed at us.

For anyone interested, there seems to be some info here:

http://forums.steampowered.com/forums/showthread.php?t=1670090

With the packet capture I have and the symptoms looking very much like the example in my original email.

I found an earlier example as well with similar symptoms:
http://forums.srcds.com/viewtopic/15737

Is there anyone from Activision on the list or does anyone have an Activision contact? Replies off list welcome, I can provide more details there.


On 6/09/2011 6:10 PM, Alexander Harrowell wrote:
On Tuesday 06 Sep 2011 09:14:26 Greg Chalmers wrote:
Could be legitimate CoD servers responding to a spoofed query?

My first thought looking at the packet dump. Interesting that some poor
sap's hotmail address is embedded in it.

How much traffic are you talking about out of curiosity?

Regards
Greg


On Tue, Sep 6, 2011 at 6:03 PM, BH <lists () blackhat bz> wrote:

On 6/09/2011 4:00 PM, Dobbins, Roland wrote:
I've seen DDoS traffic on UDP/80 as far back as 2002

Hi Roland,

I should be a bit more clear sorry, I too have frequently seen attacks
on 80/udp but mainly as a source (eg. compromised hosting accounts)
rather than the destination. I didn't in the past do a packet capture,
but I looked at a couple of scripts and the data was usually random or
just AAAAAA etc. The thing that perplexed me is why it appears to be
Call of Duty data more than anything...

Thanks






