On Sun, Feb 05, 2012 at 06:36:13PM -0500, Ray Gasnick III wrote:
We just saw a huge flux of traffic occur this morning that spiked one of our upstream ISPs gear and killed the layer 2 link on another becuase of a DDoS attack on UDP port 80.
Yep, we've got a customer who's been hit with it a couple of times (5Gbps the first time, 3Gbps the second). For hysterical raisins, we don't actually control the network for this particular customer, but the network provider did pretty much what you did -- blackholed the victim IP. We've mitigated the problem by using a full-time traffic-scrubbing service -- the hope is that the scrubbing service will pay for all the traffic and only the good stuff will get through. Only time will tell if it works. We also had to renumber the customer, as the attacks were obviously remembering the old IP and still knocking it off the network even after the DNS was repointed at the scrubbing service. - Matt -- "I'm tempted to try Gentoo, but then I learned that its installer is in Python, and, well, a base Python install on my system is something like fifty megabytes (for what? oh, right, we NEED four XML libraries, I forgot)." -- Dave Brown, ASR