On Mon, Dec 9, 2019 at 3:42 PM Michael Sherlock <[email protected]> wrote: > > Cristopher, > > Ip addresses that are not currently in use, and IP addresses that is > currently used for CGNAT for end users >
I'm 100% sure that those words mean something to you.. but not operating your network they don't mean anything to me. > > Regards, > > Michael Sherlock > Mobile: +44 75070 92392 > > Sent from my iPhone > > On Dec 9, 2019, at 8:36 PM, "[email protected]" > <[email protected]> wrote: > > > > Begin forwarded message: > > From: Christopher Morrow <[email protected]> > Subject: Re: DDoS attack > Date: December 9, 2019 at 11:11:31 PM GMT+3 > To: "[email protected]" <[email protected]> > Cc: nanog list <[email protected]> > > I'd note that: "what prefixes?" isn't answered here... like: "what is > the thing on your network which is being attacked?" > > On Mon, Dec 9, 2019 at 3:08 PM [email protected] > <[email protected]> wrote: > > > Dear All, > > My network is being flooded with UDP packets, Denial of Service attack, > soucing from Cloud flare and Google IP Addresses, with 200-300 mbps minimum > traffic, the destination in my network are IP prefixes that is currnetly not > used but still getting traffic with high volume. > The traffic is being generated with high intervals between 10-30 Minutes for > each time, maxing to 800 mbps > When reached out cloudflare support, they mentioned that there services are > running on Nat so they can’t pin out which server is attacking based on ip > address alone, as a single IP has more than 5000 server behind it, providing > 1 source IP and UDP source port, didn’t help either > Any suggestions? > > Regards, > Ahmed Dala Ali > >
