[182550] in North American Network Operators' Group
Re: 20-30Gbps UDP 1720 traffic appearing to originate from CN in last
daemon@ATHENA.MIT.EDU (Curtis Maurand)
Tue Jul 21 08:10:49 2015
X-Original-To: nanog@nanog.org
To: nanog@nanog.org
From: Curtis Maurand <cmaurand@xyonet.com>
Date: Tue, 21 Jul 2015 08:09:56 -0400
In-Reply-To: <CAD6AjGTNxpjO0c3zzhvYr4ot-YwPdQOZYGQZWQ+QFkmmQYwjZQ@mail.gmail.com>
Errors-To: nanog-bounces@nanog.org
DNS is still largely UDP.
--Curtis
On 7/20/2015 5:40 PM, Ca By wrote:
> Folks, it may be time to take the next step and admit that UDP is too
> broken to support
>
> https://tools.ietf.org/html/draft-byrne-opsec-udp-advisory-00
>
> Your comments have been requested
>
>
>
> On Mon, Jul 20, 2015 at 8:57 AM, Drew Weaver <drew.weaver@thenap.com> wrote:
>
>> Has anyone else seen a massive amount of illegitimate UDP 1720 traffic
>> coming from China being sent towards IP addresses which provide VoIP
>> services?
>>
>> I'm talking in the 20-30Gbps range?
>>
>> The first incident was yesterday at around 13:00 EST, the second incident
>> was today at 09:00 EST.
>>
>> I'm assuming this is just another DDoS like all others, but I would be
>> interested to hear if I am not the only one seeing this.
>>
>> On list or off-list is fine.
>>
>> Thanks,
>> -Drew
>>
>>
--
Best Regards
Curtis Maurand
Principal
Xyonet Web Hosting
mailto:cmaurand@xyonet.com
http://www.xyonet.com
