[160096] in North American Network Operators' Group

home help back first fref pref prev next nref lref last post

Re: DDoS Attacks Cause of Game Servers

daemon@ATHENA.MIT.EDU (Shahab Vahabzadeh)
Thu Jan 31 02:53:44 2013

In-Reply-To: <510A1F13.1090809@massar.ch>
From: Shahab Vahabzadeh <sh.vahabzadeh@gmail.com>
Date: Thu, 31 Jan 2013 11:23:11 +0330
To: Jeroen Massar <jeroen@massar.ch>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

Those ip addresses I send were only sample, its 5 page :D and not only
those addresses.
And you are looking to target 128.141.X.Y its mine and I change it because
of mailing list, maybe attackers are here.
You must check the sources not destination.
Thanks

On Thu, Jan 31, 2013 at 11:06 AM, Jeroen Massar <jeroen@massar.ch> wrote:

> On 2013-01-31 08:04 , Shahab Vahabzadeh wrote:
> > Hi everybody,
> > Last two days I was under an interesting attack which comes from multiple
> > sources to three of my ADSL users destination.
>
> You say that it comes from multiple sources to 3 of your DSL users.
>
> The below source/dest though shows that the destination is from CERN in
> Switzerland, you know the people who build black holes ;)
>
> The IP does not ping at the moment, but the whois indicates 'dyn' in the
> netname thus that is not too unsurprising.
>
> > The attack make router to ran out of CPU and we had to reload it to
> solve.
> > I ask those three users and they said we are only game players and all of
> > them were kids, I think they told the true, they told we are playing:
> > http://intl.garena.com/
>
> Looks not like a game, just another messenger / IM client.
>
> > Attacks takes only 20 or 30 minutes and it happens only 4 times in two
> days.
> > I could'nt capture any packet but this is out put of my "show ip
> > accounting" that time:
>
> You'll be needing a bit more info than that... and 117 packets with a
> total of 5148 bytes is not a lot of traffic to put anything down (unless
> it is a targeted attack)
>
> You might though contact the CERN NOC, if you really think something is
> funny there. Timestamps might be very useful to provide though,
> especially if the IP is really dynamic.
>
> Greets,
>  Jeroen
>
>


-- 
Regards,
Shahab Vahabzadeh, Network Engineer and System Administrator

Cell Phone: +1 (415) 871 0742
PGP Key Fingerprint = 8E34 B335 D702 0CA7 5A81  C2EE 76A2 46C2 5367 BF90

home help back first fref pref prev next nref lref last post