[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

really nasty attacks

Subject: really nasty attacks
From: bortzmeyer at nic.fr (Stephane Bortzmeyer)
Date: Thu, 27 Sep 2012 17:34:08 +0200
In-reply-to: <[email protected]>
References: <[email protected]>

On Thu, Sep 27, 2012 at 08:55:58AM -0600,
 Miguel Mata <mmata at intercom.com.sv> wrote 
 a message of 30 lines which said:

> Guys,

No gals on NANOG?
 
> The attacks comes from various sites from the other side of the pond
> (46.165.197.xx, 213.152.180.yy).

How can you be sure? With UDP, you have zero guarantee on the source
IP address. (Checking the TTL can give you a hint if the packets
really come from the same point.)

Source and destination port? If source port is 53, it may means you're
the target of a DNS reflection+amplification attack, a la CloudFlare
<http://blog.cloudflare.com/65gbps-ddos-no-problem>.

Follow-Ups:
- really nasty attacks
  - From: patrick at ianai.net (Patrick W. Gilmore)

References:
- really nasty attacks
  - From: mmata at intercom.com.sv (Miguel Mata)

Prev by Date: really nasty attacks
Next by Date: Are NAT'ed networks part of the Internet?
Previous by thread: really nasty attacks
Next by thread: really nasty attacks
Index(es):
- Date
- Thread