[182563] in North American Network Operators' Group
Re: 20-30Gbps UDP 1720 traffic appearing to originate from CN in last
daemon@ATHENA.MIT.EDU (Curtis Maurand)
Tue Jul 21 12:33:27 2015
X-Original-To: nanog@nanog.org
To: Jared Mauch <jared@puck.Nether.net>
From: Curtis Maurand <cmaurand@xyonet.com>
Date: Tue, 21 Jul 2015 12:33:16 -0400
In-Reply-To: <20150721124308.GB5337@puck.nether.net>
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
On 7/21/2015 8:43 AM, Jared Mauch wrote:
> On Tue, Jul 21, 2015 at 08:09:56AM -0400, Curtis Maurand wrote:
>> DNS is still largely UDP.
> Water is also still wet :) - but you may not be doing 10% of your
> links as UDP/53.
>
> DNS can also use TCP as well, including sending more than one
> query in a pipelined fashion.
>
> The challenge that Cameron is trying to document here
> is when seeing large volumes of UDP it becomes necessary to do
> something to keep the network up. This response is frustrating for those
> of us who prefer to have a unfiltered e2e network but maintaining
> the network as up in the face of these adverse conditions is important.
>
> - Jared
Point well taken.
-Curtis
>> --Curtis
>>
>> On 7/20/2015 5:40 PM, Ca By wrote:
>>> Folks, it may be time to take the next step and admit that UDP is too
>>> broken to support
>>>
>>> https://tools.ietf.org/html/draft-byrne-opsec-udp-advisory-00
>>>
>>> Your comments have been requested
>>>
>>>
>>>
>>> On Mon, Jul 20, 2015 at 8:57 AM, Drew Weaver <drew.weaver@thenap.com> wrote:
>>>
>>>> Has anyone else seen a massive amount of illegitimate UDP 1720 traffic
>>>> coming from China being sent towards IP addresses which provide VoIP
>>>> services?
>>>>
>>>> I'm talking in the 20-30Gbps range?
>>>>
>>>> The first incident was yesterday at around 13:00 EST, the second incident
>>>> was today at 09:00 EST.
>>>>
>>>> I'm assuming this is just another DDoS like all others, but I would be
>>>> interested to hear if I am not the only one seeing this.
>>>>
>>>> On list or off-list is fine.
>>>>
>>>> Thanks,
>>>> -Drew
>>>>
>>>>
>> --
>> Best Regards
>> Curtis Maurand
>> Principal
>> Xyonet Web Hosting
>> mailto:cmaurand@xyonet.com
>> http://www.xyonet.com
--
Best Regards
Curtis Maurand
Principal
Xyonet Web Hosting
mailto:cmaurand@xyonet.com
http://www.xyonet.com
