Re: UDP port 80 DDoS attack
From: Keegan Holley <keegan.holley () sungard com>
Date: Sun, 5 Feb 2012 19:21:51 -0500
There aren't very many ways to combat DDoS. That's why it's so popular.
Some ISPs partner with a company that offers a tunnel-based scrubbing
service where they DPI all your traffic before they send it to you. If you
only have a few upstreams it may be helpful to you. I spoke to them last
year but we have too many links and too many blocks to use it. I think the
name of the company was Prolexic. They're also an L3 VAR if you have L3
links. There isn't a lot of BGP (AFAIK) magic that doesn't involve cutting
someone off to save the rest of your customers.
2012/2/5 Ray Gasnick III <rgasnick () milestechnologies com>
We just saw a huge flux of traffic occur this morning that spiked one of
our upstream ISPs' gear and killed the layer 2 link on another because of a
DDoS attack on UDP port 80.
Wireshark shows this appears to be from a compromised game server (Call of
Duty) with source IPs in a variety of different prefixes.
Only solution thus far was to dump the victim IP address in our block into
the BGP Black hole community with one of our 2 providers and completely
stop advertising to the other.
Anybody see this recently and have any tips on mitigation, reply on or
Ray Gasnick III
CISSP, Technology Specialist: Network Security & Infrastructure
Phone: (856) 439-0999 x127
Direct: (856) 793-3821
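Added example, not part of either poster's message: one way to pick out the victim address to hand to a BGP blackhole community, as described in the thread, by aggregating flow records for UDP traffic to port 80. The record layout, the thresholds, the function name `rtbh_candidates` and every address below are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample flows: (src_ip, dst_ip, protocol, dst_port, bytes).
# Sources use the 198.18.0.0/15 benchmarking range, destinations use
# 203.0.113.0/24 (documentation range). None of this is data from the thread.
SAMPLE_FLOWS = [
    ("198.18.1.10", "203.0.113.5", "udp", 80, 900_000),
    ("198.18.7.22", "203.0.113.5", "udp", 80, 850_000),
    ("198.19.40.3", "203.0.113.5", "udp", 80, 1_200_000),
    ("198.19.200.9", "203.0.113.5", "udp", 80, 700_000),
    ("198.18.1.10", "203.0.113.9", "tcp", 80, 40_000),   # ordinary HTTP
    ("198.19.40.3", "203.0.113.9", "udp", 53, 300),      # ordinary DNS
    ("198.18.7.22", "203.0.113.20", "udp", 80, 500),     # stray packet
]


def rtbh_candidates(flows, min_bytes=1_000_000, min_src_prefixes=3):
    """Return (victim /32, bytes, distinct source /24s), largest first.

    Thresholds are illustrative assumptions; tune them to the link size.
    """
    total = defaultdict(int)
    prefixes = defaultdict(set)
    for src, dst, proto, dport, nbytes in flows:
        # HTTP runs over TCP, so UDP to port 80 has almost no legitimate use.
        if proto != "udp" or dport != 80:
            continue
        total[dst] += nbytes
        # Collapse sources to /24 to count "a variety of different prefixes".
        prefixes[dst].add(ipaddress.ip_network(f"{src}/24", strict=False))
    hits = [
        (ipaddress.ip_network(f"{dst}/32"), total[dst], len(prefixes[dst]))
        for dst in total
        if total[dst] >= min_bytes and len(prefixes[dst]) >= min_src_prefixes
    ]
    return sorted(hits, key=lambda h: h[1], reverse=True)


if __name__ == "__main__":
    for victim, nbytes, nprefixes in rtbh_candidates(SAMPLE_FLOWS):
        print(f"{victim}: {nbytes} bytes of UDP/80 from {nprefixes} source /24s")
```
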