nanog mailing list archives
Re: Ransom DDoS attack - need help!
From: Baldur Norddahl <baldur.norddahl () gmail com>
Date: Thu, 10 Dec 2015 02:38:45 +0100
On 10 December 2015 at 01:48, alvin nanog <nanogml () mail ddos-mitigator net> wrote:
what app do yu have that talks to port 1900 ?
UDP 1900 is a "Chargen" UDP reflection attack. The DNS and NTP packets are also from a reflection attack. We filter UDP 1900 at our border. Not to protect our network from attack, although it still helps. The packets might have come down our IP transit pipes, which are high capacity, but we can still stop it from doing further damage at the smaller pipes in our access network. We filter UDP 1900 because too many of our customers run vulnerable CPE devices that can be abused as a Chargen reflector. We stop that hard by dropping UDP 1900 both ingress and egress. He is being hit with a volume based UDP reflection attack. The IP addresses are not faked. They all lead back to people that run vulnerable CPE devices, NTP servers or open DNS resolvers. Reflection attacks require that you have the ability to send out faked IP addresses. Botnets are generally unable to do that. Their max attack size is limited by the bandwidth at the server, where they have the ability to send out faked UDP packets. Keep attacking you if you do not pay is bad business. They could be attacking someone who will pay instead. No one has infinite attack bandwidth available. Regards, Baldur
Current thread:
- Re: Ransom DDoS attack - need help!, (continued)
- Re: Ransom DDoS attack - need help! alvin nanog (Dec 03)
- Re: Ransom DDoS attack - need help! Roland Dobbins (Dec 03)
- Re: Ransom DDoS attack - need help! alvin nanog (Dec 04)
- Re: Ransom DDoS attack - need help! Roland Dobbins (Dec 08)
- Re: Ransom DDoS attack - need help! alvin nanog (Dec 09)
- Re: Ransom DDoS attack - need help! alvin nanog (Dec 09)
- Re: Ransom DDoS attack - need help! Baldur Norddahl (Dec 09)
- Re: Ransom DDoS attack - need help! Baldur Norddahl (Dec 09)
- Re: Ransom DDoS attack - need help! bzs (Dec 10)
- Re: Ransom DDoS attack - need help! Roland Dobbins (Dec 09)
- Re: Ransom DDoS attack - need help! Ian Clark (Dec 10)
- Re: Ransom DDoS attack - need help! alvin nanog (Dec 10)