[144231] in North American Network Operators' Group
Re: DDoS - CoD?
daemon@ATHENA.MIT.EDU (Alexander Harrowell)
Tue Sep 6 06:11:37 2011
From: Alexander Harrowell <a.harrowell@gmail.com>
To: nanog@nanog.org
Date: Tue, 6 Sep 2011 11:10:22 +0100
In-Reply-To: <CADr-PQ+wjF8OWCoCT5=6bnYnU-yX4oPA4wH7CezghDKWd3rm5A@mail.gmail.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Tuesday 06 Sep 2011 09:14:26 Greg Chalmers wrote:
> Could be legitimate CoD servers responding to a spoofed query?
My first thought looking at the packet dump. Interesting that some poor
sap's hotmail address is embedded in it.
> How much
> traffic are you talking about out of curiosity?
>
> Regards
> Greg
>
>
> On Tue, Sep 6, 2011 at 6:03 PM, BH <lists@blackhat.bz> wrote:
>
> > On 6/09/2011 4:00 PM, Dobbins, Roland wrote:
> > > I've seen DDoS traffic on UDP/80 as far back as 2002
> > Hi Roland,
> >
> > I should be a bit more clear sorry, I too have frequently seen attacks
> > on 80/udp but mainly as a source (e.g. compromised hosting accounts)
> > rather than the destination. I didn't in the past do a packet capture,
> > but I looked at a couple of scripts and the data was usually random or
> > just AAAAAA etc. The thing that perplexed me is why it appears to be
> > Call of Duty data more than anything...
> >
> > Thanks
> >
> >
>
--
The only thing worse than e-mail disclaimers...is people who send e-mail
to lists complaining about them