nanog mailing list archives
Re: UDP port 80 DDoS attack
From: Matthew Palmer <mpalmer () hezmatt org>
Date: Mon, 6 Feb 2012 11:30:39 +1100
On Sun, Feb 05, 2012 at 06:36:13PM -0500, Ray Gasnick III wrote:
We just saw a huge flux of traffic occur this morning that spiked one of our upstream ISPs gear and killed the layer 2 link on another becuase of a DDoS attack on UDP port 80.
Yep, we've got a customer who's been hit with it a couple of times (5Gbps the first time, 3Gbps the second). For hysterical raisins, we don't actually control the network for this particular customer, but the network provider did pretty much what you did -- blackholed the victim IP. We've mitigated the problem by using a full-time traffic-scrubbing service -- the hope is that the scrubbing service will pay for all the traffic and only the good stuff will get through. Only time will tell if it works. We also had to renumber the customer, as the attacks were obviously remembering the old IP and still knocking it off the network even after the DNS was repointed at the scrubbing service. - Matt -- "I'm tempted to try Gentoo, but then I learned that its installer is in Python, and, well, a base Python install on my system is something like fifty megabytes (for what? oh, right, we NEED four XML libraries, I forgot)." -- Dave Brown, ASR
Current thread:
- Re: UDP port 80 DDoS attack, (continued)
- Re: UDP port 80 DDoS attack Steve Bertrand (Feb 05)
- Re: UDP port 80 DDoS attack Keegan Holley (Feb 05)
- Re: UDP port 80 DDoS attack Steve Bertrand (Feb 05)
- Re: UDP port 80 DDoS attack Jeff Wheeler (Feb 05)
- Re: UDP port 80 DDoS attack dennis (Feb 06)
- Re: UDP port 80 DDoS attack Sven Olaf Kamphuis (Feb 06)
- Re: UDP port 80 DDoS attack Jeff Wheeler (Feb 06)
- Re: UDP port 80 DDoS attack Keegan Holley (Feb 06)
- Re: UDP port 80 DDoS attack Joe Greco (Feb 07)
- RE: UDP port 80 DDoS attack George Bonser (Feb 07)