[AusNOG] DDoS Attacks - Painful and Persistent.
Roland Dobbins
rdobbins at arbor.net
Mon Aug 10 17:40:06 EST 2009
On Aug 10, 2009, at 2:15 PM, Craig Meyers wrote:

> Legitimate traffic with this profile that comes to mind is NFS.

Could be, but I'm surprised at 8K packets making it very far across
multiple carriers.

> I've done a whois on some of the source IPs, and I get hosting
> companies (not ISPs). Generally these are more hardened against being
> used as botnets vs domestic ISPs.

In my experience, it's hit or miss. Some implement the BCPs, most
don't.

It's also possible the packets are spoofed - multi-provider traceback
plus packet payload would help determine whether or not this is the
case.

> With 100,000+ devices in circulation, this caused a massive DDOS on
> their infrastructure. Forgive me, I can't recall university name.

<http://pages.cs.wisc.edu/~plonka/netgear-sntp/>
-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
Unfortunately, inefficiency scales really well.
-- Kevin Lawton