[122237] in North American Network Operators' Group


Re: about udp 80,8080,0

daemon@ATHENA.MIT.EDU (Truman Boyes)
Wed Feb 10 06:45:52 2010

From: Truman Boyes <truman@suspicious.org>
In-Reply-To: <16720fe01002091001u6cd637a6y5ce195795f2458b7@mail.gmail.com>
Date: Wed, 10 Feb 2010 22:45:03 +1100
To: Jeffrey Lyon <jeffrey.lyon@blacklotus.net>
Cc: nanog@nanog.org, =?utf-8?B?7LWc7KKF7ZuI?= <eversuede@chol.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


On 10/02/2010, at 5:01 AM, Jeffrey Lyon wrote:

> If you don't need UDP, disallow it to your entire network or to the
> /xx where such is applicable. We have basic filters like this with our
> carriers upstream and have prevented several Gbps of traffic from ever
> hitting our filters as a result.
>
> Jeff

While this may be suitable in small networks, this type of heavy handed
control will simply cause you more problems in the long run. There are
just too many applications that use UDP to restrict it to exceptions.
UDP isn't the problem, it's just a method of the attack.

Truman


>
> 2010/2/9 Michael Holstein <michael.holstein@csuohio.edu>:
>>
>>>    What does application use 8.8080,0 port for the proper purpose?
>>>
>>
>> I've seen newer BitTorrent clients do this (UDP is supported, and the
>> port can be arbitrary).
>>
>> Cheers,
>>
>> Michael Holstein
>> Cleveland State University
>>
>
> --
> Jeffrey Lyon, Leadership Team
> jeffrey.lyon@blacklotus.net | http://www.blacklotus.net
> Black Lotus Communications of The IRC Company, Inc.
>
> Follow us on Twitter at http://twitter.com/ddosprotection to find out
> about news, promotions, and (gasp!) system outages which are updated
> in real time.
>
> Platinum sponsor of HostingCon 2010. Come to Austin, TX on July 19 -
> 21 to find out how to "protect your booty."
>
