[GTER] DDOS attack

Lucas Willian Bocchi lucas.bocchi at gmail.com
Mon Oct 5 12:36:45 -03 2015


Contract a smaller link and announce the attacked /24 block through it.
On 05/10/2015 12:21, "Rodrigo Meireles" <mikrotikfull at gmail.com> wrote:

> It really is a reflection DDOS attack specifically.
> If the carrier does not block it and charges for the DDOS, there are only two alternatives:
> either you contract an external Anti-DDOS service or you will have to implement
> Anti-DDOS tools on the Vyos or Edge.
> Depending on what you are using, it will consume a good deal of CPU.
>
> 2015-10-05 11:58 GMT-03:00 Guilherme Boing <kolt at frag.com.br>:
>
> > 1900 is DDoS using SSDP as the amplifier.
> >
> > 2015-10-05 11:26 GMT-03:00 Rodrigo Meireles <mikrotikfull at gmail.com>:
> >
> > > Which router is doing BGP?
> > > Edge router?
> > > 1900 is a Neighbor Discovery protocol!
> > > Disable discovery on the edge and test!
> > >
> > > 2015-10-05 7:35 GMT-03:00 Glauber Derlland <glauber at vescnet.com.br>:
> > >
> > > > Good morning,
> > > >
> > > > Is anyone facing this type of attack?
> > > >
> > > > Sep/29/2015 19:56:55 , proto UDP, 88.250.183.167:1900->XXX.XXX.XXX.XXX:80, len 266
> > > > Sep/29/2015 19:56:55 , proto UDP, 95.9.114.232:1900->XXX.XXX.XXX.XXX:80, len 321
> > > > Sep/29/2015 19:56:55 , proto UDP, 95.9.114.232:1900->XXX.XXX.XXX.XXX:80, len 321
> > > > Sep/29/2015 19:56:55 , proto UDP, 78.186.8.157:1900->XXX.XXX.XXX.XXX:80, len 321
> > > > Sep/29/2015 19:56:55 , proto UDP, 72.229.228.53:1900->XXX.XXX.XXX.XXX:80, len 338
> > > > Sep/29/2015 19:56:55 , proto UDP, 41.196.86.182:1900->XXX.XXX.XXX.XXX:80, len 258
> > > > Sep/29/2015 19:56:55 , proto UDP, 75.89.110.97:1900->XXX.XXX.XXX.XXX:80, len 367
> > > > Sep/29/2015 19:56:55 , proto UDP, 173.186.125.161:1900->XXX.XXX.XXX.XXX:80, len 359
> > > > Sep/29/2015 19:56:55 , proto UDP, 85.96.207.61:1900->XXX.XXX.XXX.XXX:80, len 316
> > > > Sep/29/2015 19:56:55 , proto UDP, 24.208.37.154:1900->XXX.XXX.XXX.XXX:80, len 266
> > > > Sep/29/2015 19:56:55 , proto UDP, 24.208.37.154:1900->XXX.XXX.XXX.XXX:80, len 338
> > > > Sep/29/2015 19:56:55 , proto UDP, 76.24.200.75:1900->XXX.XXX.XXX.XXX:80, len 266
> > > > Sep/29/2015 19:56:55 , proto UDP, 98.30.40.44:1900->XXX.XXX.XXX.XXX:80, len 330
> > > > Sep/29/2015 19:56:55 , proto UDP, 37.242.12.64:1900->XXX.XXX.XXX.XXX:80, len 329
> > > > Sep/29/2015 19:56:55 , proto UDP, 188.118.251.216:1900->XXX.XXX.XXX.XXX:80, len 355
> > > > Sep/29/2015 19:56:55 , proto UDP, 190.214.140.21:1900->XXX.XXX.XXX.XXX:80, len 312
> > > > Sep/29/2015 19:56:55 , proto UDP, 78.189.168.191:1900->XXX.XXX.XXX.XXX:80, len 300
> > > > Sep/29/2015 19:56:55 , proto UDP, 88.250.168.173:1900->XXX.XXX.XXX.XXX:80, len 337
> > > > Sep/29/2015 19:56:55 , proto UDP, 88.250.168.173:1900->XXX.XXX.XXX.XXX:80, len 331
> > > > Sep/29/2015 19:56:55 , proto UDP, 166.102.230.129:1900->XXX.XXX.XXX.XXX:80, len 295
> > > > Sep/29/2015 19:56:55 , proto UDP, 208.106.2.83:1900->XXX.XXX.XXX.XXX:80, len 355
> > > > Sep/29/2015 19:56:55 , proto UDP, 76.24.200.75:1900->XXX.XXX.XXX.XXX:80, len 338
> > > > Sep/29/2015 19:56:55 , proto UDP, 78.189.168.191:1900->XXX.XXX.XXX.XXX:80, len 351
> > > > Sep/29/2015 19:56:55 , proto UDP, 166.102.230.129:1900->XXX.XXX.XXX.XXX:80, len 306
> > > > Sep/29/2015 19:56:55 , proto UDP, 208.106.2.83:1900->XXX.XXX.XXX.XXX:80, len 302
> > > > Sep/29/2015 19:56:55 , proto UDP, 76.24.200.75:1900->XXX.XXX.XXX.XXX:80, len 334
> > > > Sep/29/2015 19:56:55 , proto UDP, 78.189.168.191:1900->XXX.XXX.XXX.XXX:80, len 347
> > > > Sep/29/2015 19:56:55 , proto UDP, 76.24.200.75:1900->XXX.XXX.XXX.XXX:80, len 314
> > > > Sep/29/2015 19:56:55 , proto UDP, 181.211.178.167:1900->XXX.XXX.XXX.XXX:80, len 316
> > > > Sep/29/2015 19:56:55 , proto UDP, 78.189.168.191:1900->XXX.XXX.XXX.XXX:80, len 331
> > > > Sep/29/2015 19:56:55 , proto UDP, 98.242.172.180:1900->XXX.XXX.XXX.XXX:80, len 266
> > > > Sep/29/2015 19:56:55 , proto UDP, 139.55.188.117:1900->XXX.XXX.XXX.XXX:80, len 301
> > > > Sep/29/2015 19:56:55 , proto UDP, 69.40.138.121:1900->XXX.XXX.XXX.XXX:80, len 371
> > > > Sep/29/2015 19:56:55 , proto UDP, 75.89.110.97:1900->XXX.XXX.XXX.XXX:80, len 304
> > > > Sep/29/2015 19:56:55 , proto UDP, 75.89.110.97:1900->XXX.XXX.XXX.XXX:80, len 337
> > > > Sep/29/2015 19:56:55 , proto UDP, 98.22.249.5:1900->XXX.XXX.XXX.XXX:80, len 374
> > > > Sep/29/2015 19:56:55 , proto UDP, 78.188.168.188:1900->XXX.XXX.XXX.XXX:80, len 325
> > > > Sep/29/2015 19:56:55 , proto UDP, 14.221.129.218:1900->XXX.XXX.XXX.XXX:80, len 319
> > > > Sep/29/2015 19:56:55 , proto UDP, 95.188.78.112:1900->XXX.XXX.XXX.XXX:80, len 355
> > > > Sep/29/2015 19:56:55 , proto UDP, 78.188.204.57:1900->XXX.XXX.XXX.XXX:80, len 351
> > > > Sep/29/2015 19:56:55 , proto UDP, 78.188.204.57:1900->XXX.XXX.XXX.XXX:80, len 331
> > > > Sep/29/2015 19:56:55 , proto UDP, 173.186.125.161:1900->XXX.XXX.XXX.XXX:80, len 306
> > > >
> > > >
> > > > XXX.XXX.XXX.XXX = any IP in the block
> > > >
> > > >
> > > > Solutions so far:
> > > >
> > > > Blocking the IP XXX.XXX.XXX.XXX with the carrier;
> > > > The carrier has no blackhole and is offering an Anti-DDOS service;
> > > > It does not block by port;
> > > > Firewall blocking UDP port 1900 for all hosts on the network;
> > > > Shut down the link interface; when it is enabled again the attack persists;
> > > > Attack duration 15 minutes, at scheduled times;
> > > > It consumes all the bandwidth of the circuit.
> > > >
> > > >
> > > >
> > > >
> > > > --
> > > > <http://www.vescnet.com.br>
> > > > Glauber Derlland
> > > > 81-3497-7250
> > > > 81-4062-9722
> > > > 81-988-593-306
> > > > 11-4063-1673
> > > > INOC-DBA.br: 262792*100
> > > >
> > > > WhatsApp: 55 81 8163-7122
> > > > Viper: 55 81 8163-7122
> > > > Skype: vescnet
> > > > Facebook: vescnet
> > > > Twitter: @vescnet
> > > > ICQ: 670280143
> > > >
> > > > www.vescnet.com.br
> > > > https://beta.peeringdb.com/net/4988 <http://as262792.peeringdb.com/>
> > > > Maps <http://goo.gl/maps/ugZkZ>
> > > > --
> > > > gter list    https://eng.registro.br/mailman/listinfo/gter
> > >
> > >
> > >
> > >
> > > --
> > > *Rodrigo Melo Meireles*
> > >
> > > *CTO - Solustic Solucoes em Tecnologia-TI*
> > > Network Analyst/Consultant
> > > Security Analyst
> > > Mikrotik Certified
> > > URBSS Certified
> > > 85.40629515 85.996459346
>
>
>
>
> --
> *Rodrigo Melo Meireles*
>
> *CTO - Solustic Solucoes em Tecnologia-TI*
> Network Analyst/Consultant
> Security Analyst
> Mikrotik Certified
> URBSS Certified
> 85.40629515 85.996459346
> --
> gter list    https://eng.registro.br/mailman/listinfo/gter
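
The signature discussed in this thread (UDP arriving with source port 1900 from many unrelated hosts toward one destination) can be checked mechanically over logs in the format quoted above. The following is an added example, not code from any participant in the thread; the sample lines are constructed with documentation addresses, and the `min_sources` threshold and function names are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

SSDP_PORT = 1900

# Matches the firewall log format quoted in the thread, tolerating the
# whitespace that mail wrapping inserted around ":" and "->".
LINE_RE = re.compile(
    r"proto (?P<proto>\w+),\s*(?P<src>[\d.]+)\s*:(?P<sport>\d+)\s*->\s*"
    r"(?P<dst>[\w.]+):(?P<dport>\d+),\s*len (?P<len>\d+)"
)

# Constructed sample (RFC 5737 documentation addresses), not real traffic.
SAMPLE = """\
Sep/29/2015 19:56:55 , proto UDP, 192.0.2.10:1900->203.0.113.5:80, len 266
Sep/29/2015 19:56:55 , proto UDP, 192.0.2.11:1900->203.0.113.5:80, len 321
Sep/29/2015 19:56:55 , proto UDP, 198.51.100.7:1900->203.0.113.5:80, len 338
Sep/29/2015 19:56:55 , proto UDP, 198.51.100.7:1900->203.0.113.5:80, len 300
Sep/29/2015 19:56:56 , proto UDP, 192.0.2.50:53->203.0.113.9:40000, len 120
Sep/29/2015 19:56:56 , proto UDP, 203.0.113.20:50000->239.255.255.250:1900, len 130
""".splitlines()


def summarize(lines):
    """Group UDP packets whose SOURCE port is 1900 by destination address.

    SSDP responses leave the responder from port 1900, so reflected traffic
    shows 1900 as the source port. A local discovery query has 1900 as the
    destination port instead and is deliberately ignored here.
    """
    stats = defaultdict(lambda: {"packets": 0, "bytes": 0, "sources": set()})
    for line in lines:
        m = LINE_RE.search(line)
        if not m or m["proto"] != "UDP" or int(m["sport"]) != SSDP_PORT:
            continue
        entry = stats[m["dst"]]
        entry["packets"] += 1
        entry["bytes"] += int(m["len"])
        entry["sources"].add(m["src"])
    return dict(stats)


def reflection_targets(lines, min_sources=3):
    """Destinations receiving port-1900 replies from >= min_sources hosts."""
    return sorted(dst for dst, s in summarize(lines).items()
                  if len(s["sources"]) >= min_sources)


if __name__ == "__main__":
    for dst, s in summarize(SAMPLE).items():
        print(dst, s["packets"], "pkts", s["bytes"], "bytes",
              len(s["sources"]), "distinct sources")
    print("likely SSDP reflection targets:", reflection_targets(SAMPLE))
```

Because the replies are unsolicited, a stateful firewall at the customer edge drops them, but as the original post notes they have already consumed the circuit by then; the per-destination summary is what identifies which address to hand to the upstream for filtering.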


