nanog mailing list archives

Re: DDoS attack


From: Filip Hruska <fhr () fhrnet eu>
Date: Mon, 9 Dec 2019 20:15:39 +0000

Hello, 

Which attack protocol are you seeing? I suspect you're seeing DNS-based amplification or similar, in which case you can't 
really pinpoint the attack source... 

800Mbps is not a whole lot of traffic - does it cause any disruptions to you? If the prefixes are not in use, I would 
suggest the use of RTBH (null routing / blackholing).

Kind Regards, 
Filip Hruska



On 9 December 2019 9:07:35 pm GMT+01:00, "ahmed.dalaali () hrins net" <ahmed.dalaali () hrins net> wrote:
Dear All, 

My network is being flooded with UDP packets, a Denial of Service attack,
sourcing from Cloudflare and Google IP addresses, with 200-300 mbps
minimum traffic. The destinations in my network are IP prefixes that are
currently not used but still getting traffic with high volume.
The traffic is being generated with high intervals between 10-30
minutes for each time, maxing to 800 mbps.
When I reached out to Cloudflare support, they mentioned that their services
are running on NAT so they can’t pin out which server is attacking
based on IP address alone, as a single IP has more than 5000 servers
behind it. Providing 1 source IP and UDP source port didn’t help
either.
Any suggestions?

Regards, 
Ahmed Dala Ali 

-- 
Sent from my mobile device. Please excuse my brevity.
