[GTER] DDoS Attack

Rodrigo Meireles mikrotikfull at gmail.com
Mon Oct 5 11:26:06 -03 2015


Which router is doing the BGP?
The edge router?
1900 is the Neighbor Discovery protocol!
Disable discovery on the edge and test!

2015-10-05 7:35 GMT-03:00 Glauber Derlland <glauber at vescnet.com.br>:

> Good morning,
>
> Is anyone else facing this type of attack?
>
> Sep/29/2015 19:56:55 , proto UDP, 88.250.183.167:1900->XXX.XXX.XXX.XXX:80,
> len 266
> Sep/29/2015 19:56:55 , proto UDP, 95.9.114.232:1900->XXX.XXX.XXX.XXX:80,
> len 321
> Sep/29/2015 19:56:55 , proto UDP, 95.9.114.232:1900->XXX.XXX.XXX.XXX:80,
> len 321
> Sep/29/2015 19:56:55 , proto UDP, 78.186.8.157:1900->XXX.XXX.XXX.XXX:80,
> len 321
> Sep/29/2015 19:56:55 , proto UDP, 72.229.228.53:1900->XXX.XXX.XXX.XXX:80,
> len 338
> Sep/29/2015 19:56:55 , proto UDP, 41.196.86.182:1900->XXX.XXX.XXX.XXX:80,
> len 258
> Sep/29/2015 19:56:55 , proto UDP, 75.89.110.97:1900->XXX.XXX.XXX.XXX:80,
> len 367
> Sep/29/2015 19:56:55 , proto UDP, 173.186.125.161:1900
> ->XXX.XXX.XXX.XXX:80,
> len 359
> Sep/29/2015 19:56:55 , proto UDP, 85.96.207.61:1900->XXX.XXX.XXX.XXX:80,
> len 316
> Sep/29/2015 19:56:55 , proto UDP, 24.208.37.154:1900->XXX.XXX.XXX.XXX:80,
> len 266
> Sep/29/2015 19:56:55 , proto UDP, 24.208.37.154:1900->XXX.XXX.XXX.XXX:80,
> len 338
> Sep/29/2015 19:56:55 , proto UDP, 76.24.200.75:1900->XXX.XXX.XXX.XXX:80,
> len 266
> Sep/29/2015 19:56:55 , proto UDP, 98.30.40.44:1900->XXX.XXX.XXX.XXX:80,
> len
> 330
> Sep/29/2015 19:56:55 , proto UDP, 37.242.12.64:1900->XXX.XXX.XXX.XXX:80,
> len 329
> Sep/29/2015 19:56:55 , proto UDP, 188.118.251.216:1900
> ->XXX.XXX.XXX.XXX:80,
> len 355
> Sep/29/2015 19:56:55 , proto UDP, 190.214.140.21:1900->XXX.XXX.XXX.XXX:80,
> len 312
> Sep/29/2015 19:56:55 , proto UDP, 78.189.168.191:1900->XXX.XXX.XXX.XXX:80,
> len 300
> Sep/29/2015 19:56:55 , proto UDP, 88.250.168.173:1900->XXX.XXX.XXX.XXX:80,
> len 337
> Sep/29/2015 19:56:55 , proto UDP, 88.250.168.173:1900->XXX.XXX.XXX.XXX:80,
> len 331
> Sep/29/2015 19:56:55 , proto UDP, 166.102.230.129:1900
> ->XXX.XXX.XXX.XXX:80,
> len 295
> Sep/29/2015 19:56:55 , proto UDP, 208.106.2.83:1900->XXX.XXX.XXX.XXX:80,
> len 355
> Sep/29/2015 19:56:55 , proto UDP, 76.24.200.75:1900->XXX.XXX.XXX.XXX:80,
> len 338
> Sep/29/2015 19:56:55 , proto UDP, 78.189.168.191:1900->XXX.XXX.XXX.XXX:80,
> len 351
> Sep/29/2015 19:56:55 , proto UDP, 166.102.230.129:1900
> ->XXX.XXX.XXX.XXX:80,
> len 306
> Sep/29/2015 19:56:55 , proto UDP, 208.106.2.83:1900->XXX.XXX.XXX.XXX:80,
> len 302
> Sep/29/2015 19:56:55 , proto UDP, 76.24.200.75:1900->XXX.XXX.XXX.XXX:80,
> len 334
> Sep/29/2015 19:56:55 , proto UDP, 78.189.168.191:1900->XXX.XXX.XXX.XXX:80,
> len 347
> Sep/29/2015 19:56:55 , proto UDP, 76.24.200.75:1900->XXX.XXX.XXX.XXX:80,
> len 314
> Sep/29/2015 19:56:55 , proto UDP, 181.211.178.167:1900
> ->XXX.XXX.XXX.XXX:80,
> len 316
> Sep/29/2015 19:56:55 , proto UDP, 78.189.168.191:1900->XXX.XXX.XXX.XXX:80,
> len 331
> Sep/29/2015 19:56:55 , proto UDP, 98.242.172.180:1900->XXX.XXX.XXX.XXX:80,
> len 266
> Sep/29/2015 19:56:55 , proto UDP, 139.55.188.117:1900->XXX.XXX.XXX.XXX:80,
> len 301
> Sep/29/2015 19:56:55 , proto UDP, 69.40.138.121:1900->XXX.XXX.XXX.XXX:80,
> len 371
> Sep/29/2015 19:56:55 , proto UDP, 75.89.110.97:1900->XXX.XXX.XXX.XXX:80,
> len 304
> Sep/29/2015 19:56:55 , proto UDP, 75.89.110.97:1900->XXX.XXX.XXX.XXX:80,
> len 337
> Sep/29/2015 19:56:55 , proto UDP, 98.22.249.5:1900->XXX.XXX.XXX.XXX:80,
> len
> 374
> Sep/29/2015 19:56:55 , proto UDP, 78.188.168.188:1900->XXX.XXX.XXX.XXX:80,
> len 325
> Sep/29/2015 19:56:55 , proto UDP, 14.221.129.218:1900->XXX.XXX.XXX.XXX:80,
> len 319
> Sep/29/2015 19:56:55 , proto UDP, 95.188.78.112:1900->XXX.XXX.XXX.XXX:80,
> len 355
> Sep/29/2015 19:56:55 , proto UDP, 78.188.204.57:1900->XXX.XXX.XXX.XXX:80,
> len 351
> Sep/29/2015 19:56:55 , proto UDP, 78.188.204.57:1900->XXX.XXX.XXX.XXX:80,
> len 331
> Sep/29/2015 19:56:55 , proto UDP, 173.186.125.161:1900
> ->XXX.XXX.XXX.XXX:80,
> len 306
>
>
> XXX.XXX.XXX.XXX = any IP in the block
>
>
> Solutions so far:
>
> Blocking the IP XXX.XXX.XXX.XXX, together with the carrier;
> The carrier has no blackhole and is offering an Anti-DDoS service;
> They do not block by port;
> Firewall blocking UDP port 1900 for all hosts on the network;
> Shutting down the link interface when the attack starts; the attack persists;
> Attack duration 15 minutes, at scheduled times;
> It consumes all of the circuit's bandwidth.
>
>
>
>
> --
> <http://www.vescnet.com.br>
> Glauber Derlland
> 81-3497-7250
> 81-4062-9722
> 81-988-593-306
> 11-4063-1673
> INOC-DBA.br: 262792*100
>
> WhatsApp: 55 81  8163-7122
> Viper: 55 81 8163-7122
> Skype: vescnet
> Facebook: vescnet
> Twitter: @vescnet
> ICQ: 670280143
>
> www.vescnet.com.br
> https://beta.peeringdb.com/net/4988 <http://as262792.peeringdb.com/>
> Maps <http://goo.gl/maps/ugZkZ>
> --
> gter list    https://eng.registro.br/mailman/listinfo/gter




-- 
*Rodrigo Melo Meireles*

*CTO - Solustic Solucoes em Tecnologia-TI*
Network Analyst/Consultant
Security Analyst
Mikrotik Certified
URBSS Certified
85.40629515 85.996459346
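The quoted log lines carry the classic reflection signature: UDP packets whose source port is 1900 (SSDP, the UPnP discovery service) arriving from many unrelated addresses at a port that never sent an SSDP query. The script below is an added example, not code from either poster; it parses records in the MikroTik firewall-log shape shown in the thread (re-joining records that the mail client wrapped), keeps only flows from well-known amplifier ports, aggregates per service and per second so that a burst from many distinct reflectors raises an alert, and ranks the reflectors by bytes delivered for the upstream report. The sample log, the RFC 5737 documentation addresses in it and the `min_sources` threshold are constructed for the example.

```python
import re
from collections import defaultdict

# Record shape (MikroTik firewall log, as pasted in the thread):
#   Sep/29/2015 19:56:55 , proto UDP, 1.2.3.4:1900->5.6.7.8:80, len 266
LINE_START = re.compile(r"^[A-Z][a-z]{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}")
LOG_RE = re.compile(
    r"^(?P<ts>\S+ \d{2}:\d{2}:\d{2}) , proto (?P<proto>\w+), "
    r"(?P<src>[\d.]+):(?P<sport>\d+)->(?P<dst>[\w.]+):(?P<dport>\d+), len (?P<len>\d+)$"
)

# UDP services commonly abused as amplifiers; 1900/udp is SSDP (UPnP discovery).
REFLECTOR_PORTS = {1900: "SSDP", 53: "DNS", 123: "NTP", 161: "SNMP", 19: "chargen"}

# Constructed sample modelled on the thread's format (RFC 5737 addresses, not real
# reflectors). It includes two mail-wrapped records and one unrelated TCP line.
SAMPLE_LOG = """\
Sep/29/2015 19:56:55 , proto UDP, 198.51.100.11:1900->192.0.2.10:80, len 266
Sep/29/2015 19:56:55 , proto UDP, 198.51.100.12:1900->192.0.2.10:80, len 321
Sep/29/2015 19:56:55 , proto UDP, 198.51.100.12:1900->192.0.2.10:80, len 321
Sep/29/2015 19:56:55 , proto UDP, 203.0.113.7:1900
->192.0.2.10:80,
len 359
Sep/29/2015 19:56:55 , proto UDP, 203.0.113.8:1900->192.0.2.10:80, len
330
Sep/29/2015 19:56:55 , proto UDP, 203.0.113.9:1900->192.0.2.10:80, len 355
Sep/29/2015 19:56:55 , proto TCP, 198.51.100.50:443->192.0.2.10:51234, len 60
Sep/29/2015 19:56:56 , proto UDP, 203.0.113.9:1900->192.0.2.10:80, len 302
"""


def join_wrapped(lines):
    """Re-join records that a mail client wrapped onto several lines."""
    records = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        if LINE_START.match(line) or not records:
            records.append(line)
        else:
            # A continuation starting with "->" must glue directly to the port.
            records[-1] = (records[-1] + " " + line).replace(" ->", "->")
    return records


def parse_record(rec):
    """Return the record's fields as a dict, or None if it does not parse."""
    m = LOG_RE.match(rec)
    if not m:
        return None
    return {
        "ts": m["ts"], "proto": m["proto"],
        "src": m["src"], "sport": int(m["sport"]),
        "dst": m["dst"], "dport": int(m["dport"]),
        "len": int(m["len"]),
    }


def is_reflection_candidate(flow):
    """UDP from a well-known amplifier port to a port that never asked for it."""
    return (flow["proto"] == "UDP" and flow["sport"] in REFLECTOR_PORTS
            and flow["dport"] != flow["sport"])


def summarize(lines, min_sources=5):
    """Per (service, second): packets, bytes, distinct reflectors and an alert flag.

    min_sources is a constructed threshold: a single second with that many distinct
    amplifier addresses hitting one victim is treated as a reflection burst.
    Returns (report, number_of_unparsed_records)."""
    stats = defaultdict(lambda: {"packets": 0, "bytes": 0, "sources": set()})
    unparsed = 0
    for rec in join_wrapped(lines):
        flow = parse_record(rec)
        if flow is None:
            unparsed += 1
            continue
        if not is_reflection_candidate(flow):
            continue
        s = stats[(REFLECTOR_PORTS[flow["sport"]], flow["ts"])]
        s["packets"] += 1
        s["bytes"] += flow["len"]
        s["sources"].add(flow["src"])
    report = {
        key: {
            "packets": s["packets"],
            "bytes": s["bytes"],
            "distinct_sources": len(s["sources"]),
            "alert": len(s["sources"]) >= min_sources,
        }
        for key, s in stats.items()
    }
    return report, unparsed


def top_reflectors(lines, n=3):
    """Reflector addresses ranked by bytes delivered, for the abuse/upstream report."""
    volume = defaultdict(int)
    for rec in join_wrapped(lines):
        flow = parse_record(rec)
        if flow and is_reflection_candidate(flow):
            volume[flow["src"]] += flow["len"]
    return sorted(volume.items(), key=lambda kv: (-kv[1], kv[0]))[:n]


if __name__ == "__main__":
    report, bad = summarize(SAMPLE_LOG.splitlines())
    for (service, ts), r in sorted(report.items()):
        flag = "ALERT" if r["alert"] else "ok"
        print(f"{ts} {service}: {r['packets']} pkts, {r['bytes']} bytes, "
              f"{r['distinct_sources']} reflectors [{flag}]")
    print("top reflectors:", top_reflectors(SAMPLE_LOG.splitlines()))
    print("unparsed records:", bad)
```

The per-source byte totals and the victim address are what an upstream or a scrubbing provider needs from you. One caveat the thread itself illustrates: a firewall rule dropping UDP source port 1900, or shutting the interface, only discards traffic that has already crossed the circuit, so once the flood fills the link the filtering has to happen on the carrier side (blackhole, scrubbing service or a port-based ACL at their edge).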


