nanog mailing list archives
UDP port 80 DDoS attack
From: Ray Gasnick III <rgasnick () milestechnologies com>
Date: Sun, 5 Feb 2012 18:36:13 -0500
We just saw a huge flux of traffic occur this morning that spiked one of our upstream ISPs gear and killed the layer 2 link on another becuase of a DDoS attack on UDP port 80. Wireshark shows this appears to be from a compromised game server (call of duty) with source IPs in a variety of different prefixes. Only solution thus far was to dump the victim IP address in our block into the BGP Black hole community with one of our 2 providers and completely stop advertising to the other. Anybody see this recently and have any tips on mitigation, reply on or off list. Thank You, Ray Gasnick III CISSP, Technology Specialist: Network Security & Infrastructure Miles Technologies www.milestechnologies.com<http://www.milestechnologies.com/> Phone: (856) 439-0999 x127 Direct: (856) 793-3821 How am I doing? Email my manager at itmanager () milestechnologies com<mailto:itmanager () milestechnologies com> Computer Networking – IT Support – Business Software – Website Design – Online Marketing & PR
Current thread:
- UDP port 80 DDoS attack Ray Gasnick III (Feb 05)
- Re: UDP port 80 DDoS attack Fredrik Holmqvist / I2B (Feb 05)
- RE: UDP port 80 DDoS attack Drew Weaver (Feb 08)
- Re: UDP port 80 DDoS attack Keegan Holley (Feb 05)
- Re: UDP port 80 DDoS attack Dobbins, Roland (Feb 05)
- Re: UDP port 80 DDoS attack Keegan Holley (Feb 05)
- Re: UDP port 80 DDoS attack Dobbins, Roland (Feb 05)
- Re: UDP port 80 DDoS attack Dobbins, Roland (Feb 05)
- Re: UDP port 80 DDoS attack Keegan Holley (Feb 05)
- Re: UDP port 80 DDoS attack Dobbins, Roland (Feb 05)
- Re: UDP port 80 DDoS attack Keegan Holley (Feb 05)
- Re: UDP port 80 DDoS attack Dobbins, Roland (Feb 05)
- Re: UDP port 80 DDoS attack Fredrik Holmqvist / I2B (Feb 05)