[149549] in North American Network Operators' Group
RE: UDP port 80 DDoS attack
daemon@ATHENA.MIT.EDU (George Bonser)
Wed Feb 8 03:05:39 2012
From: George Bonser <gbonser@seven.com>
To: bas <kilobit@gmail.com>, nanog <nanog@nanog.org>
Date: Wed, 8 Feb 2012 08:04:42 +0000
In-Reply-To: <CAEs2ZiK0V5yNU3ni6HGt6vbGpnbNquvxsq0uWrbpYO94EFYeDg@mail.gmail.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
> -----Original Message-----
> From: bas=20
> Sent: Tuesday, February 07, 2012 11:56 PM
> To: Dobbins, Roland; nanog
> Subject: Re: UDP port 80 DDoS attack
>=20
> Say eyeball provider X has implemented automated S/RTBH, and I have a
> grudge against them.
> I would simply DoS a couple of the subscribers *with spoofed source IP*
> addresses from google, youtube, netflow and hulu.
> The automated S/RTBH drops all packets coming from those IP addresses.
> Presto; many angry consumers call the ISP's helpdesk.
Comes back to providers allowing "spoofed" traffic into their networks from=
customers. That seems to me to be the low-hanging fruit here.
