I'm being attacked with UDP fragments having a payload 1472 bytes. Seems
like a DDoS that only likes to suck bandwidth.
Anyone on the same coaster? drop me a line.
Are you sure you don't have a customer watching streaming video ?
Regards
Marshall
LOL!
I guess if they are from different source addresses, varying UDP ports etc and the total bandwidth in infeasible for a typical video stream..
Thankfully it sounds quite easy to build a filter for.
LOL!
I guess if they are from different source addresses, varying UDP ports etc and the total bandwidth in infeasible for a typical video stream..
I was quite serious.
I run a video streaming site, AmericaFree.TV.
Most of our packets are 1450 bytes, because that is the limit set to avoid MTU issues. (We also multicast, with the same packet size, and tunnels can be an MTU issue.)
We from time to time get emails claiming that rogue machines here are conducting a DOS against some network, please stop, etc. Upon investigation, every one of these has been someone (or several someones) joining a unicast video stream and watching the 3 Stooges or another video program, as shown by my server logs.
But, you do raise a good point :
_Are_ these packets from different ports, different IP addresses ?
What is the total bandwidth consumed ?
Are they truly packet fragments ?
Thankfully it sounds quite easy to build a filter for.
Just please don't filter out all video !
--
Leigh
Regards
Marshall