udp fragments, 1472 bytes payload
I'm being attacked with UDP fragments having a payload of 1472 bytes. Seems like a DDoS that only likes to suck bandwidth. Anyone on the same coaster? Drop me a line.

--
Miguel Mata
Operations Manager
Intercom El Salvador
mmata@intercom.com.sv
voice: ++(503) 2278-5068
fax: ++(503) 2265-7024
"Intercom, your telecommunications in good hands"

Are you sure you don't have a customer watching streaming video?

Regards
Marshall

On Aug 14, 2007, at 7:20 PM, Miguel Mata wrote:
> I'm being attacked with UDP fragments having a payload of 1472 bytes. Seems like a DDoS that only likes to suck bandwidth.
>
> Anyone on the same coaster? Drop me a line.
>
> --
> Miguel Mata
> Operations Manager
> Intercom El Salvador
> mmata@intercom.com.sv
> voice: ++(503) 2278-5068
> fax: ++(503) 2265-7024
> "Intercom, your telecommunications in good hands"

LOL!

I guess if they are from different source addresses, varying UDP ports etc. and the total bandwidth is infeasible for a typical video stream..

Thankfully it sounds quite easy to build a filter for.

--
Leigh

Marshall Eubanks wrote:
> Are you sure you don't have a customer watching streaming video?
>
> Regards
> Marshall
>
> On Aug 14, 2007, at 7:20 PM, Miguel Mata wrote:
>> I'm being attacked with UDP fragments having a payload of 1472 bytes. Seems like a DDoS that only likes to suck bandwidth.
>>
>> Anyone on the same coaster? Drop me a line.
>>
>> --
>> Miguel Mata
>> Operations Manager
>> Intercom El Salvador
>> mmata@intercom.com.sv
>> voice: ++(503) 2278-5068
>> fax: ++(503) 2265-7024
>> "Intercom, your telecommunications in good hands"

On Aug 15, 2007, at 2:01 AM, Leigh Porter wrote:
> LOL!
>
> I guess if they are from different source addresses, varying UDP ports etc. and the total bandwidth is infeasible for a typical video stream..

I was quite serious. I run a video streaming site, AmericaFree.TV. Most of our packets are 1450 bytes, because that is the limit set to avoid MTU issues. (We also multicast, with the same packet size, and tunnels can be an MTU issue.)

We from time to time get emails claiming that rogue machines here are conducting a DOS against some network, please stop, etc. Upon investigation, every one of these has been someone (or several someones) joining a unicast video stream and watching the 3 Stooges or another video program, as shown by my server logs.

But, you do raise a good point: _Are_ these packets from different ports, different IP addresses? What is the total bandwidth consumed? Are they truly packet fragments?

> Thankfully it sounds quite easy to build a filter for.

Just please don't filter out all video!

> --
> Leigh

Regards
Marshall

> Marshall Eubanks wrote:
>> Are you sure you don't have a customer watching streaming video?
>>
>> Regards
>> Marshall
>>
>> On Aug 14, 2007, at 7:20 PM, Miguel Mata wrote:
>>> I'm being attacked with UDP fragments having a payload of 1472 bytes. Seems like a DDoS that only likes to suck bandwidth.
>>>
>>> Anyone on the same coaster? Drop me a line.
>>>
>>> --
>>> Miguel Mata
>>> Operations Manager
>>> Intercom El Salvador
>>> mmata@intercom.com.sv
>>> voice: ++(503) 2278-5068
>>> fax: ++(503) 2265-7024
>>> "Intercom, your telecommunications in good hands"

participants (3): Leigh Porter, Marshall Eubanks, Miguel Mata
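
The questions raised in the last message (different ports? different addresses? total bandwidth? truly fragments?) can be answered from a capture of raw IPv4 packets; the sketch below is an added example, not part of the thread. It shows that 1472 data bytes fits both a full-size unfragmented UDP datagram and a first fragment, so only the IP header's MF flag and fragment offset settle the question. Assumptions: a 1500-byte MTU, no IP options in the samples, and constructed packets, addresses (documentation ranges) and function names.

```python
import struct

def parse_ipv4(pkt: bytes) -> dict:
    """Pull the triage fields out of one raw IPv4 packet (no link-layer header)."""
    ver_ihl, _, ip_len, _, flags_off, _, proto, _, src, _ = struct.unpack(
        "!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    offset = (flags_off & 0x1FFF) * 8            # fragment offset in bytes
    row = {"src": ".".join(map(str, src)), "proto": proto, "ip_len": ip_len,
           "fragment": bool(flags_off & 0x2000) or offset > 0, "ports": None}
    # Only an unfragmented packet or a first fragment carries the UDP header.
    if proto == 17 and offset == 0 and len(pkt) >= ihl + 8:
        row["ports"] = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return row

def summarize(packets, seconds: float) -> dict:
    """Answer: how many sources and flows, how many real fragments, what rate."""
    udp = [r for r in map(parse_ipv4, packets) if r["proto"] == 17]
    return {
        "fragments": sum(r["fragment"] for r in udp),
        "sources": len({r["src"] for r in udp}),
        "flows": len({(r["src"],) + r["ports"] for r in udp if r["ports"]}),
        "mbit_per_s": sum(r["ip_len"] for r in udp) * 8 / seconds / 1e6,
    }

def build(src, sport, dport, data_len, flags_off=0, udp_len=None) -> bytes:
    """Constructed sample packet: IPv4 + UDP headers, zero-filled data, checksums 0."""
    udp = struct.pack("!HHHH", sport, dport, udp_len or 8 + data_len, 0) + bytes(data_len)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, flags_off, 64, 17, 0,
                       bytes(src), bytes([192, 0, 2, 1])) + udp

# Constructed capture A: one source, one flow, 1472 data bytes, no fragment bits set.
STREAM = [build((198, 51, 100, 7), 5004, 40000, 1472) for _ in range(100)]
# Constructed capture B: first fragments (MF set) of larger datagrams, many sources.
SPREAD = [build((203, 0, 113, i), 1024 + i, 2000 + i, 1472, 0x2000, 4008)
          for i in range(1, 51)]

if __name__ == "__main__":
    print("A:", summarize(STREAM, 1.0))
    print("B:", summarize(SPREAD, 1.0))
```

Both captures carry 1500-byte IP packets with 1472 data bytes; capture A summarizes as one source, one flow and zero fragments, which is the streaming-video pattern described in the thread.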