On Aug 15, 2007, at 2:01 AM, Leigh Porter wrote:
LOL!
I guess if they are from different source addresses, varying UDP
ports etc and the total bandwidth in infeasible for a typical video
stream..
I was quite serious.
I run a video streaming site, AmericaFree.TV.
Most of our packets are 1450 bytes, because that is the limit set to
avoid MTU issues. (We also multicast, with the same packet size, and
tunnels can be an MTU issue.)
We from time to time get emails claiming that rogue machines here are
conducting a DOS against some network, please stop, etc. Upon
investigation, every one of these has been someone (or several
someones) joining a unicast video stream and watching the 3 Stooges
or another video program, as shown by my server logs.
But, you do raise a good point :
_Are_ these packets from different ports, different IP addresses ?
What is the total bandwidth consumed ?
Are they truly packet fragments ?
Thankfully it sounds quite easy to build a filter for.
Just please don't filter out all video !
--
Leigh
Regards
Marshall
Marshall Eubanks wrote:
Are you sure you don't have a customer watching streaming video ?
Regards
Marshall
On Aug 14, 2007, at 7:20 PM, Miguel Mata wrote:
I'm being attacked with UDP fragments having a payload 1472
bytes. Seems
like a DDoS that only likes to suck bandwidth.
Anyone on the same coaster? drop me a line.
--
Miguel Mata
Gerente de Operaciones
Intercom El Salvador
[EMAIL PROTECTED]
voz: ++(503) 2278-5068
fax: ++(503) 2265-7024
"Intercom, sus Telecomunicaciones en buenas manos"
