27 Sep
2012
27 Sep
'12
11:34 a.m.
On Thu, Sep 27, 2012 at 08:55:58AM -0600, Miguel Mata <mmata@intercom.com.sv> wrote a message of 30 lines which said:
Guys,
No gals on NANOG?
The attacks comes from various sites from the other side of the pond (46.165.197.xx, 213.152.180.yy).
How can you be sure? With UDP, you have zero guarantee on the source IP address. (Checking the TTL can give you a hint if the packets really come from the same point.) Source and destination port? If source port is 53, it may means you're the target of a DNS reflection+amplification attack, a la CloudFlare <http://blog.cloudflare.com/65gbps-ddos-no-problem>.