[182534] in North American Network Operators' Group
Re: 20-30Gbps UDP 1720 traffic appearing to originate from CN in last
daemon@ATHENA.MIT.EDU (Ca By)
Mon Jul 20 17:46:36 2015
X-Original-To: nanog@nanog.org
In-Reply-To: <9a31dd85f5814c739dcebcdf3c80cb3c@EXCHANGE2K13.thenap.com>
Date: Mon, 20 Jul 2015 14:40:27 -0700
From: Ca By <cb.list6@gmail.com>
To: Drew Weaver <drew.weaver@thenap.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
Folks, it may be time to take the next step and admit that UDP is too
broken to support
https://tools.ietf.org/html/draft-byrne-opsec-udp-advisory-00
Your comments have been requested
On Mon, Jul 20, 2015 at 8:57 AM, Drew Weaver <drew.weaver@thenap.com> wrote:
> Has anyone else seen a massive amount of illegitimate UDP 1720 traffic
> coming from China being sent towards IP addresses which provide VoIP
> services?
>
> I'm talking in the 20-30Gbps range?
>
> The first incident was yesterday at around 13:00 EST, the second incident
> was today at 09:00 EST.
>
> I'm assuming this is just another DDoS like all others, but I would be
> interested to hear if I am not the only one seeing this.
>
> On list or off-list is fine.
>
> Thanks,
> -Drew
>
>
