[160097] in North American Network Operators' Group
Re: DDoS Attacks Cause of Game Servers
daemon@ATHENA.MIT.EDU (Stephane Bortzmeyer)
Thu Jan 31 03:03:17 2013
Date: Thu, 31 Jan 2013 09:02:02 +0100
From: Stephane Bortzmeyer <bortzmeyer@nic.fr>
To: Shahab Vahabzadeh <sh.vahabzadeh@gmail.com>
In-Reply-To: <CAGqGmqbtccitidR=-SdK-pgmRL5TmPM6AMc3k9w_3udUg78C-A@mail.gmail.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Thu, Jan 31, 2013 at 11:23:11AM +0330,
Shahab Vahabzadeh <sh.vahabzadeh@gmail.com> wrote
a message of 55 lines which said:
> Those ip addresses I send were only sample, its 5 page :D and not
> only those addresses.
Because the attacker attacks when they have a new opponent. They DoS
it long enough to win a race, then start a new fight in the game.
> And you are looking to target 128.141.X.Y its mine and I change it because
> of mailing list, maybe attackers are here.
> You must check the sources not destination.
What Jeroen said is that source IP addresses are spoofed (which is
common with UDP-based protocols such as the DNS). They are the
victim's addresses, not the attacker's.
