This is lame. They should be able to view NAT translation tables or better yet have some method of watching flows.
Tim

On 12/9/19 12:11 PM, Christopher Morrow wrote:
> I'd note that: "what prefixes?" isn't answered here... like: "what is
> the thing on your network which is being attacked?"
>
> On Mon, Dec 9, 2019 at 3:08 PM ahmed.dala...@hrins.net
> <ahmed.dala...@hrins.net> wrote:
>>
>> Dear All,
>>
>> My network is being flooded with UDP packets, Denial of Service attack,
>> sourcing from Cloudflare and Google IP addresses, with 200-300 mbps minimum
>> traffic. The destinations in my network are IP prefixes that are currently not
>> used but still getting traffic with high volume.
>> The traffic is being generated with high intervals between 10-30 minutes for
>> each time, maxing to 800 mbps.
>> When I reached out to Cloudflare support, they mentioned that their services are
>> running on NAT so they can't pin out which server is attacking based on IP
>> address alone, as a single IP has more than 5000 servers behind it. Providing
>> 1 source IP and UDP source port didn't help either.
>> Any suggestions?
>>
>> Regards,
>> Ahmed Dala Ali