[144229] in North American Network Operators' Group
Re: DDoS - CoD?
daemon@ATHENA.MIT.EDU (Greg Chalmers)
Tue Sep 6 04:14:59 2011
In-Reply-To: <4E65D3EF.5010404@blackhat.bz>
Date: Tue, 6 Sep 2011 18:14:26 +1000
From: Greg Chalmers <gchalmers@gmail.com>
To: BH <lists@blackhat.bz>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Could be legitimate CoD servers responding to a spoofed query? How much
traffic are you talking about out of curiosity?
Regards
Greg
On Tue, Sep 6, 2011 at 6:03 PM, BH <lists@blackhat.bz> wrote:
> On 6/09/2011 4:00 PM, Dobbins, Roland wrote:
> > I've seen DDoS traffic on UDP/80 as far back as 2002
> Hi Roland,
>
> I should be a bit more clear sorry, I too have frequently seen attacks
> on 80/udp but mainly as a source (eg. compromised hosting accounts)
> rather than the destination. I didn't in the past do a packet capture,
> but I lookes at a couple of scripts and the data was usually randm or
> just AAAAAA etc. The thing that perplexed me is why it appears to be
> Call of Duty data more than anything...
>
> Thanks
>
>
