(D)DoS attack
Posted: Mon Feb 19, 2018 8:56 pm
(D)DoS attack against your service
Feb 19 2018 05:05:13 PM PT Our system responded to a (D)DoS against your service with a filter.
Target address: 63.251.20.50
Attack: a specific type of getchallenge flood/2
Filter duration: about 60 minutes
Example positive match
17:05:10.453046 IP (tos 0x0, ttl 117, id 6388, offset 0, flags [none], proto UDP (17), length 81) 27.34.170.20.28960 > 63.251.20.50.2056: UDP, payload 53
0x0000: 4500 0051 18f4 0000 7511 1345 1b22 aa14 E..Q....u..E."..
0x0010: 3ffb 1432 7120 0808 003d acc1 ffff ffff ?..2q....=......
0x0020: 6765 7463 6861 6c6c 656e 6765 2030 2022 getchallenge.0."
0x0030: 6239 3062 3962 3831 3466 3838 3932 3939 b90b9b814f889299
0x0040: 3237 3966 3130 6435 3738 3231 3161 6163 279f10d578211aac
0x0050: 22 "
What does this mean?
A DoS attack is an intentional malicious action that is designed to temporarily disable a service. We have systems in place that respond to common attacks for our clients, filtering them for durations that are chosen based on the likelihood of false positives and the level of damage typically caused by the specific attack.
Depending on the size and characteristics of the attack, and the nature of your software, you may or may not have seen effects from the attack before it was filtered.
Most attacks are spoofed (use random fake IPs). This means that it is usually not possible to examine the traffic and determine the attacker. We will likely not be able to provide further information on this attack.
Feb 19 2018 05:05:13 PM PT Our system responded to a (D)DoS against your service with a filter.
Target address: 63.251.20.50
Attack: a specific type of getchallenge flood/2
Filter duration: about 60 minutes
Example positive match
17:05:10.453046 IP (tos 0x0, ttl 117, id 6388, offset 0, flags [none], proto UDP (17), length 81) 27.34.170.20.28960 > 63.251.20.50.2056: UDP, payload 53
0x0000: 4500 0051 18f4 0000 7511 1345 1b22 aa14 E..Q....u..E."..
0x0010: 3ffb 1432 7120 0808 003d acc1 ffff ffff ?..2q....=......
0x0020: 6765 7463 6861 6c6c 656e 6765 2030 2022 getchallenge.0."
0x0030: 6239 3062 3962 3831 3466 3838 3932 3939 b90b9b814f889299
0x0040: 3237 3966 3130 6435 3738 3231 3161 6163 279f10d578211aac
0x0050: 22 "
What does this mean?
A DoS attack is an intentional malicious action that is designed to temporarily disable a service. We have systems in place that respond to common attacks for our clients, filtering them for durations that are chosen based on the likelihood of false positives and the level of damage typically caused by the specific attack.
Depending on the size and characteristics of the attack, and the nature of your software, you may or may not have seen effects from the attack before it was filtered.
Most attacks are spoofed (use random fake IPs). This means that it is usually not possible to examine the traffic and determine the attacker. We will likely not be able to provide further information on this attack.