[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
DDoS - CoD?
- Subject: DDoS - CoD?
- From: a.harrowell at gmail.com (Alexander Harrowell)
- Date: Tue, 6 Sep 2011 11:10:22 +0100
- In-reply-to: <CADr-PQ+wjF8OWCoCT5=6bnYnU-yX4oPA4wH7CezghDKWd3rm5A@mail.gmail.com>
- References: <[email protected]> <[email protected]> <CADr-PQ+wjF8OWCoCT5=6bnYnU-yX4oPA4wH7CezghDKWd3rm5A@mail.gmail.com>
On Tuesday 06 Sep 2011 09:14:26 Greg Chalmers wrote:
> Could be legitimate CoD servers responding to a spoofed query?
My first thought looking at the packet dump. Interesting that some poor
sap's hotmail address is embedded in it.
> How much
> traffic are you talking about out of curiosity?
>
> Regards
> Greg
>
>
> On Tue, Sep 6, 2011 at 6:03 PM, BH <lists at blackhat.bz> wrote:
>
> > On 6/09/2011 4:00 PM, Dobbins, Roland wrote:
> > > I've seen DDoS traffic on UDP/80 as far back as 2002
> > Hi Roland,
> >
> > I should be a bit more clear sorry, I too have frequently seen
attacks
> > on 80/udp but mainly as a source (eg. compromised hosting accounts)
> > rather than the destination. I didn't in the past do a packet
capture,
> > but I lookes at a couple of scripts and the data was usually randm
or
> > just AAAAAA etc. The thing that perplexed me is why it appears to be
> > Call of Duty data more than anything...
> >
> > Thanks
> >
> >
>
--
The only thing worse than e-mail disclaimers...is people who send e-mail
to lists complaining about them
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20110906/fc467073/attachment.bin>