[149447] in North American Network Operators' Group


Re: UDP port 80 DDoS attack

daemon@ATHENA.MIT.EDU (Keegan Holley)
Sun Feb 5 19:23:22 2012

In-Reply-To: <7F48F1B1D2983A49AFC2A39FAC634039AE924E9CF1@miles-exch01.miles.office>
From: Keegan Holley <keegan.holley@sungard.com>
Date: Sun, 5 Feb 2012 19:21:51 -0500
To: Ray Gasnick III <rgasnick@milestechnologies.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

There aren't very many ways to combat DDoS.  That's why it's so popular.
Some ISPs partner with a company that offers a tunnel-based scrubbing
service where they DPI all your traffic before they send it to you.  If you
only have a few upstreams it may be helpful to you.  I spoke to them last
year but we have too many links and too many blocks to use it.  I think the
name of the company was Prolexic.  They're also an L3 VAR if you have L3
links.  There isn't a lot of BGP (AFAIK) magic that doesn't involve cutting
someone off to save the rest of your customers.

2012/2/5 Ray Gasnick III <rgasnick@milestechnologies.com>

> We just saw a huge flux of traffic occur this morning that spiked one of
> our upstream ISP's gear and killed the layer 2 link on another because of a
> DDoS attack on UDP port 80.
>
>
>
> Wireshark shows this appears to be from a compromised game server (Call of
> Duty) with source IPs in a variety of different prefixes.
>
>
>
> Only solution thus far was to dump the victim IP address in our block into
> the BGP Black hole community with one of our 2 providers and completely
> stop advertising to the other.
>
>
>
> Anybody see this recently and have any tips on mitigation,  reply on or
> off list.
>
>
>
> Thank You,
>
> Ray Gasnick III
> CISSP, Technology Specialist: Network Security & Infrastructure
> Miles Technologies
> www.milestechnologies.com<http://www.milestechnologies.com/>
>
> Phone: (856) 439-0999 x127
> Direct: (856) 793-3821
> How am I doing?  Email my manager at itmanager@milestechnologies.com
> <mailto:itmanager@milestechnologies.com>
>
> Computer Networking – IT Support – Business Software – Website Design –
> Online Marketing & PR
>
>
>
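
Added example, not part of either message: a Python sketch of the triage step behind the blackhole decision described in the quoted post, finding which destination is taking sustained UDP port 80 traffic from many source prefixes and listing the /32 to tag. The flow records, thresholds, function names and community string are constructed placeholders; use the blackhole community your upstream documents.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed sample flow records (documentation address ranges), not data from the thread.
SAMPLE_FLOWS = """src,dst,proto,dport,bytes
198.51.100.10,192.0.2.50,udp,80,900000
198.51.100.77,192.0.2.50,udp,80,850000
203.0.113.5,192.0.2.50,udp,80,950000
203.0.113.200,192.0.2.50,udp,80,700000
198.51.100.10,192.0.2.60,tcp,80,400000
203.0.113.9,192.0.2.61,udp,53,1200
203.0.113.9,192.0.2.62,udp,80,300
"""

def find_udp80_victims(flow_csv, min_bytes=1_000_000, min_src_prefixes=2):
    """Return {victim_ip: (total_bytes, distinct_source_/24s)} for UDP/80 floods (IPv4)."""
    total = defaultdict(int)
    prefixes = defaultdict(set)
    for row in csv.DictReader(io.StringIO(flow_csv)):
        # Web traffic is TCP/80; sustained UDP to port 80 is the anomaly here.
        if row["proto"].lower() != "udp" or int(row["dport"]) != 80:
            continue
        dst = ipaddress.ip_address(row["dst"])
        # Group sources by /24 so spread across prefixes is counted, not single hosts.
        src_net = ipaddress.ip_network(row["src"] + "/24", strict=False)
        total[dst] += int(row["bytes"])
        prefixes[dst].add(src_net)
    return {
        str(dst): (total[dst], len(prefixes[dst]))
        for dst in total
        if total[dst] >= min_bytes and len(prefixes[dst]) >= min_src_prefixes
    }

def blackhole_candidates(victims, community="PROVIDER-BLACKHOLE-COMMUNITY"):
    """Host routes to announce with the upstream's blackhole community (placeholder)."""
    return [(f"{ip}/32", community) for ip in sorted(victims)]

if __name__ == "__main__":
    victims = find_udp80_victims(SAMPLE_FLOWS)
    for route, community in blackhole_candidates(victims):
        print(f"announce {route} community {community}")
```

Blackholing the /32 takes the victim address offline at the upstream, which is the trade-off both messages describe; the rest of the block stays reachable.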
