UDP Flood DDOS attack against my blog

April 24, 2008

Starting 18:00 CET (23.04.2008) someone started with a distributed denial of service attack against my blog. The UDP Flood attack was carried out, as showed my investigation by hacked servers and not zombie windows clients. At the time of writing the attack is still underway but got weaker after the first 24h.

The traffic accounting reports so far >750gb incoming traffic, but in reality it will be even higher as not every packet was counted in the beginning of the attack as it consumed large amounts of network resources. The data center my server is located at removed the route for the sub network from the border gateways, so the operation of the whole data cents was not affected. After I guess some network admins detected that some of their machines got misused for a DDOS and did shut them down, the traffic went down. After this happened the subnetwork has been reactivated again, and the blog is online again.

But why should someone attack my little blog in the first place? I didn’t post in the last 14 days. The only idea I’ve is that the hacker I found at the server of a friend and wrote about it wanted to get even. What counts for this theory is that it is carried out by hacked servers from and to random UDP ports – a feature the found bot also has.

I’ll investigate further and report in my blog about it.

Update: Following IP are still attacking me after >30h … it seems to be time to try to contact the admins.


202.147.170.5 (Pakistan) - informed - not active anymore after 48h
222.122.46.92 (Korea) - informed - not active anymore after 48h
72.36.175.98 (USA) - informed - reacted within 12h
85.214.100.202 (Germany) - informed - reacted within 12h
62.112.193.46 (Hungary) - informed - still active after 3 days
195.219.156.98 (Spain) - informed - reacted within 24h
211.174.182.13 (Korea) - informed - still active after 3 days

Update2: 3 days after the start of the attack it still continues. ok only with lonely 2 systems, whose admins don’t seem to care about the attack and my mail. whats the reason for this? did the hacker lose control over them? what does he gain with it – the side is online without any problems for the users. Has anyone an idea?

1 Comment »

RSS feed for comments on this post. TrackBack URI

  1. […] the DDOS attack against my blog this week , I decided to go to the channel I wrote in my initial hacker post about, as I believed […]

    Pingback by Robert Penz Blog » Interview a the professional hacker — April 26, 2008 #

Leave a comment

XHTML: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

Powered by WordPress
Entries and comments feeds. Valid XHTML and CSS. 69 queries. 0.229 seconds.