Home page logo

nanog logo nanog mailing list archives

Re: UDP port 80 DDoS attack
From: Keegan Holley <keegan.holley () sungard com>
Date: Sun, 5 Feb 2012 19:21:51 -0500

There aren't very many ways to combat DDOS.  That's why it's so popular.
Some ISP's partner with a company that offers a tunnel based scrubbing
service where they DPI all your traffic before they send it to you.  If you
only have a few upstreams it may be helpful to you.  I spoke to them last
year but we have too many links and too many blocks to use it.  I think the
name of the company was prolexic.  They're also a L3 VAR if you have L3
links.  There isn't alot of BGP (AFAIK) magic that doesn't involve cutting
someone off to save the rest of your customers.

2012/2/5 Ray Gasnick III <rgasnick () milestechnologies com>

We just saw a huge flux of traffic occur this morning that spiked one of
our upstream ISPs gear and killed the layer 2 link on another becuase of a
DDoS attack on UDP port 80.

Wireshark shows this appears to be from a compromised game server (call of
duty) with source IPs in a variety of different prefixes.

Only solution thus far was to dump the victim IP address in our block into
the BGP Black hole community with one of our 2 providers and completely
stop advertising to the other.

Anybody see this recently and have any tips on mitigation,  reply on or
off list.

Thank You,

Ray Gasnick III
CISSP, Technology Specialist: Network Security & Infrastructure
Miles Technologies

Phone: (856) 439-0999 x127
Direct: (856) 793-3821
How am I doing?  Email my manager at itmanager () milestechnologies com
<mailto:itmanager () milestechnologies com>

Computer Networking – IT Support – Business Software – Website Design –
Online Marketing & PR

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]