[133539] in North American Network Operators' Group
Re: Over a decade of DDOS--any progress yet?
daemon@ATHENA.MIT.EDU (Michael Costello)
Sat Dec 11 16:27:49 2010
Date: Sat, 11 Dec 2010 16:27:44 -0500
From: Michael Costello <mc3401@columbia.edu>
To: Drew Weaver <drew.weaver@thenap.com>
In-Reply-To: <F3318834F1F89D46857972DD4B411D70019C4767B8@EXCHANGE.thenap.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Fri, 10 Dec 2010 15:32:10 -0500
Drew Weaver <drew.weaver@thenap.com> wrote:
> I should've "qualified" my question by saying "What valid application
> which traverses the Internet and could be seen at the edge of a
> network actually uses UDP 80?"
I'll grant that my response was a bit pedantic: there is no
legitimate reason for such traffic to leave a network.
> I can't imagine there is too much Cisco NAC client for macs carrying
> on over the Internet, although I have been wrong in the past.
I imagine you're right, and that any network that detects any
significant amount would be one whose first octet is a common
fourth-octet-of-a-gateway (1, 65, 129, etc).
mc
