nanog mailing list archives

Re: really nasty attacks

From: Stephane Bortzmeyer <bortzmeyer () nic fr>
Date: Thu, 27 Sep 2012 17:34:08 +0200

On Thu, Sep 27, 2012 at 08:55:58AM -0600,
 Miguel Mata <mmata () intercom com sv> wrote 
 a message of 30 lines which said:

Guys,


No gals on NANOG?

The attacks comes from various sites from the other side of the pond
(46.165.197.xx, 213.152.180.yy).


How can you be sure? With UDP, you have zero guarantee on the source
IP address. (Checking the TTL can give you a hint if the packets
really come from the same point.)

Source and destination port? If source port is 53, it may means you're
the target of a DNS reflection+amplification attack, a la CloudFlare
<http://blog.cloudflare.com/65gbps-ddos-no-problem>.

Current thread:

really nasty attacks Miguel Mata (Sep 27)
- Re: really nasty attacks Jared Mauch (Sep 27)
- Re: really nasty attacks Stephane Bortzmeyer (Sep 27)
  - Re: really nasty attacks Patrick W. Gilmore (Sep 27)
    - Re: really nasty attacks Jim Mercer (Sep 27)
    - guys != gender neutral Jo Rhett (Sep 27)
    - Re: guys != gender neutral Owen DeLong (Sep 27)
    - Re: guys != gender neutral Jay Ashworth (Sep 27)
    - RE: guys != gender neutral Eric Wieling (Sep 27)
    - Re: guys != gender neutral Landon Stewart (Sep 27)
    - Re: guys != gender neutral Jethro R Binks (Sep 27)
    - Re: guys != gender neutral Larry Stites (Sep 27)
    - RE: guys != gender neutral Lorell Hathcock (Sep 27)

(Thread continues...)