[149444] in North American Network Operators' Group
UDP port 80 DDoS attack
daemon@ATHENA.MIT.EDU (Ray Gasnick III)
Sun Feb 5 18:37:43 2012
From: Ray Gasnick III <rgasnick@milestechnologies.com>
To: "nanog@nanog.org" <nanog@nanog.org>
Date: Sun, 5 Feb 2012 18:36:13 -0500
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
We just saw a huge flux of traffic occur this morning that spiked one of our upstream ISPs' gear and killed the layer 2 link on another because of a DDoS attack on UDP port 80.
Wireshark shows this appears to be from a compromised game server (Call of Duty) with source IPs in a variety of different prefixes.
Only solution thus far was to dump the victim IP address in our block into the BGP Black hole community with one of our 2 providers and completely stop advertising to the other.
Anybody see this recently and have any tips on mitigation, reply on or off list.
Thank You,
Ray Gasnick III
CISSP, Technology Specialist: Network Security & Infrastructure
Miles Technologies
www.milestechnologies.com <http://www.milestechnologies.com/>
Phone: (856) 439-0999 x127
Direct: (856) 793-3821
How am I doing? Email my manager at itmanager@milestechnologies.com
Computer Networking – IT Support – Business Software – Website Design – Online Marketing & PR
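
Added example, not part of the original post: a sketch of how flow records could be aggregated to find the destination taking heavy UDP port 80 traffic from many source prefixes, which is the address the post describes tagging with a blackhole community. The record layout, thresholds, function names and sample flows are assumptions constructed for illustration (IPv4 only, documentation address space).

```python
import ipaddress
from collections import defaultdict

# Constructed sample flow records, not real data:
# (src_ip, dst_ip, ip_protocol, dst_port, bytes)
SAMPLE_FLOWS = [
    ("192.0.2.10", "203.0.113.5", 17, 80, 900_000),
    ("192.0.2.77", "203.0.113.5", 17, 80, 850_000),
    ("198.51.100.4", "203.0.113.5", 17, 80, 910_000),
    ("198.51.100.200", "203.0.113.5", 17, 80, 880_000),
    ("100.64.3.9", "203.0.113.5", 17, 80, 920_000),
    ("100.64.8.1", "203.0.113.5", 17, 80, 870_000),
    ("192.0.2.10", "203.0.113.9", 6, 80, 40_000),   # normal HTTP over TCP
    ("198.51.100.4", "203.0.113.9", 17, 53, 300),    # DNS, ignored
    ("192.0.2.33", "203.0.113.20", 17, 80, 1_200),   # single stray UDP/80 flow
]

UDP = 17  # IP protocol number for UDP


def find_udp80_victims(flows, min_bytes=1_000_000, min_src_prefixes=3, prefix_len=24):
    """Return {victim_ip: (total_bytes, distinct_source_prefixes)} for
    destinations receiving heavy UDP/80 traffic from many source prefixes."""
    total = defaultdict(int)
    prefixes = defaultdict(set)
    for src, dst, proto, dport, nbytes in flows:
        if proto != UDP or dport != 80:
            continue
        # Collapse each source address to its covering prefix (hypothetical /24 default).
        net = ipaddress.ip_network(f"{src}/{prefix_len}", strict=False)
        total[dst] += nbytes
        prefixes[dst].add(net)
    return {
        dst: (total[dst], len(prefixes[dst]))
        for dst in total
        if total[dst] >= min_bytes and len(prefixes[dst]) >= min_src_prefixes
    }


def blackhole_candidates(flows, **kw):
    """Host routes (/32) for an operator to review before tagging them
    with the provider's blackhole community."""
    return sorted(f"{ip}/32" for ip in find_udp80_victims(flows, **kw))


if __name__ == "__main__":
    for dst, (nbytes, nprefixes) in find_udp80_victims(SAMPLE_FLOWS).items():
        print(f"{dst}: {nbytes} bytes of UDP/80 from {nprefixes} source /24s")
    print(blackhole_candidates(SAMPLE_FLOWS))
```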