Looking around, I believe the issue is that the IP has ended up on a master game list, so we are now getting the queries directed at US.

For anyone interested, there seems to be some info here: http://forums.steampowered.com/forums/showthread.php?t=1670090

With the packet capture I have and the symptoms looking very much like the example in my original email. I found an earlier example as well with similar symptoms: http://forums.srcds.com/viewtopic/15737

Is there anyone from Activision on the list or does anyone have an Activision contact? Replies off list welcome, I can provide more details there.

On 6/09/2011 6:10 PM, Alexander Harrowell wrote:
On Tuesday 06 Sep 2011 09:14:26 Greg Chalmers wrote:
Could be legitimate CoD servers responding to a spoofed query?
My first thought looking at the packet dump. Interesting that some poor sap's hotmail address is embedded in it.
How much traffic are you talking about out of curiosity?
Regards Greg
On Tue, Sep 6, 2011 at 6:03 PM, BH<lists@blackhat.bz> wrote:
On 6/09/2011 4:00 PM, Dobbins, Roland wrote:
I've seen DDoS traffic on UDP/80 as far back as 2002
Hi Roland,
I should be a bit more clear, sorry. I too have frequently seen attacks on 80/udp but mainly as a source (e.g. compromised hosting accounts) rather than the destination. I didn't in the past do a packet capture, but I looked at a couple of scripts and the data was usually random or just AAAAAA etc. The thing that perplexed me is why it appears to be Call of Duty data more than anything...
Thanks