Hello, which attack protocol are you seeing? I suspect you're seeing DNS-based amplification or similar, in which case you can't really pinpoint the attack source...
800Mbps is not a whole lot of traffic - does it cause any disruptions to you? If the prefixes are not in use, I would suggest the use of RTBH (null routing / blackholing).

Kind Regards,
Filip Hruska

On 9 December 2019 9:07:35 pm GMT+01:00, "ahmed.dala...@hrins.net" <ahmed.dala...@hrins.net> wrote:
>Dear All,
>
>My network is being flooded with UDP packets, Denial of Service attack,
>sourcing from Cloudflare and Google IP addresses, with 200-300 mbps
>minimum traffic, the destination in my network are IP prefixes that are
>currently not used but still getting traffic with high volume.
>The traffic is being generated with high intervals between 10-30
>minutes for each time, maxing to 800 mbps.
>When I reached out to Cloudflare support, they mentioned that their services
>are running on NAT so they can’t pin out which server is attacking
>based on IP address alone, as a single IP has more than 5000 servers
>behind it, providing 1 source IP and UDP source port, didn’t help
>either.
>Any suggestions?
>
>Regards,
>Ahmed Dala Ali

--
Sent from my mobile device. Please excuse my brevity.