Hi. The IPs you see is the exploited gameservers, so "just" contact them, and send them the link below. There is a workaround for it: http://rankgamehosting.ru/index.php?showtopic=1320 We have had problem with this in the past. Usually we get "abuse complaints" from the admin of the game server(s) claiming one of our customers is DDoSing them, when in fact their servers are used to DDoS our customer(s). After explaining how the DDoS works and sending them the link above, they fix the problem on their side. We have also tried to send abuse messages to the ISPs of the exploited servers, and can't say that we are pleased with the response, the small ISPs responded and took care of the issue (talked with their customers), most big ones didn't even send a ACK back. When this attack type was used (1+ year ago) we had aprox 3.5 Gbit coming from the gameservers. On 2013-01-31 07:02, Stephane Bortzmeyer wrote:
On Thu, Jan 31, 2013 at 11:23:11AM +0330, Shahab Vahabzadeh <sh.vahabzadeh@gmail.com> wrote a message of 55 lines which said:
Those ip addresses I send were only sample, its 5 page :D and not only those addresses.
Because the attacker attacks when they have a new opponent. They DoS it long enough to win a race, then start a new fight in the game.
And you are looking to target 128.141.X.Y its mine and I change it because of mailing list, maybe attackers are here. You must check the sources not destination.
What Jeroen said is that source IP addresses are spoofed (which is common with UDP-based protocols such as the DNS). They are the victim's addresses, not the attacker's.
-- Fredrik Holmqvist I2B (Internet 2 Business) 070-740 5033