[77804] in North American Network Operators' Group
Re: UDP Port 80 Flooding
daemon@ATHENA.MIT.EDU (Christopher L. Morrow)
Tue Feb 8 22:30:53 2005
Date: Wed, 09 Feb 2005 03:29:52 +0000 (GMT)
From: "Christopher L. Morrow" <christopher.morrow@mci.com>
In-reply-to: <Pine.LNX.4.44.0502082222530.16506-100000@nucleus.nacs.net>
To: Greg Boehnlein <damin@nacs.net>
Cc: nanog@nanog.org
Errors-To: owner-nanog-outgoing@merit.edu
On Tue, 8 Feb 2005, Greg Boehnlein wrote:
>
> Anyone seen a rash of UDP port 80 packet floods lately? We found a huge
> flood of packets from an address in Taiwan flooding into a customer's IP
> on our LAN yesterday, which pushed traffic counts off the charts. Any idea
> what might be at the heart of this?
made 'famous' around may-day 2001... Chinese vs US 'hackers', the chinese
folks got quite a letter writing campaign going, had all their friends
download a 'network testing tool' from foundstone (I think) a little
windows app that would allow you to put in:
port
protocol
size
(perhaps time)
and flood away! :) It was 'great' because you could figure the problem out
quickly and filter/rate-limit udp/80 traffic :) Today I imagine it's
probably some purpose built code to just pummel out udp traffic, but this
is far from 'new' :(
