[133307] in North American Network Operators' Group
Re: Over a decade of DDOS--any progress yet?
daemon@ATHENA.MIT.EDU (Jack Bates)
Wed Dec 8 11:20:20 2010
Date: Wed, 08 Dec 2010 10:17:44 -0600
From: Jack Bates <jbates@brightok.net>
To: Drew Weaver <drew.weaver@thenap.com>
In-Reply-To: <F3318834F1F89D46857972DD4B411D70019C4766CE@EXCHANGE.thenap.com>
Cc: Jeffrey Lyon <jeffrey.lyon@blacklotus.net>,
'Arturo Servin' <arturo.servin@gmail.com>,
"nanog@nanog.org" <nanog@nanog.org>
On 12/8/2010 10:13 AM, Drew Weaver wrote:
> The most common attacks that I have seen over the last 12 months, and let's say I have seen a fair share, have been easily detectable by the source network.
>
> It is either protocol 17 (UDP) dst port 80 or UDP Fragments (dst port 0..)
>
> What valid application actually uses UDP 80?
>
> You could literally wipe out a large amount of these attacks by simply filtering this.
>
> -Drew
You mean silly things like:
Warning, it is an 87160 line flow capture.
http://www.brightok.net/~abuse/ddos/flows.txt
Jack
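
Added example, not part of the original thread and not taken from the linked capture: a sketch of how a source network could flag the two patterns named above (protocol 17 to dst port 80, and UDP fragments exported with dst port 0) in its own outbound flow records. The seven-column flow format, the `LOCAL_NET` prefix, the packet threshold and the sample flows are all assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumption: this prefix stands in for the source network's own customers.
LOCAL_NET = ipaddress.ip_network("192.0.2.0/24")

# Constructed sample flows (documentation addresses, not real traffic).
# Columns: src dst proto sport dport packets bytes
SAMPLE_FLOWS = """\
192.0.2.10 198.51.100.7 17 40211 80 9000 12600000
192.0.2.10 198.51.100.7 17 0 0 8500 12410000
192.0.2.10 203.0.113.53 17 51515 53 2 140
192.0.2.44 198.51.100.7 6 49152 80 12 4300
192.0.2.77 198.51.100.9 17 33000 80 3 180
203.0.113.9 192.0.2.10 17 80 40211 1 60
"""

def classify(proto, dport):
    """Name the pattern from the thread that a flow matches, or None."""
    if proto != 17:              # only UDP is of interest here
        return None
    if dport == 80:
        return "udp-dst-80"
    if dport == 0:               # fragments show up with no port information
        return "udp-fragment"
    return None

def suspicious_sources(text, min_packets=1000):
    """Sum matching packets per local source; keep sources at or above the threshold."""
    totals = defaultdict(lambda: defaultdict(int))
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 7:
            continue             # skip blank or malformed records
        src, _dst, proto, _sport, dport, pkts, _bytes = fields
        try:
            src_ip = ipaddress.ip_address(src)
            proto, dport, pkts = int(proto), int(dport), int(pkts)
        except ValueError:
            continue
        if src_ip not in LOCAL_NET:
            continue             # only traffic leaving our own network
        label = classify(proto, dport)
        if label:
            totals[src][label] += pkts
    return {s: dict(c) for s, c in totals.items()
            if sum(c.values()) >= min_packets}

if __name__ == "__main__":
    print(suspicious_sources(SAMPLE_FLOWS))
```

The threshold keeps a handful of stray UDP/80 packets from flagging a customer, while TCP/80 and ordinary DNS flows are ignored entirely.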