[186317] in North American Network Operators' Group


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Ransom DDoS attack - need help!

daemon@ATHENA.MIT.EDU (Baldur Norddahl)
Wed Dec 9 20:53:38 2015

X-Original-To: nanog@nanog.org
In-Reply-To: <CAPkb-7Bz33D2m8rLBn-U=ZJOcUUZE9+LG9bBjUoHZU8DqRo-cw@mail.gmail.com>
Date: Thu, 10 Dec 2015 02:53:35 +0100
From: Baldur Norddahl <baldur.norddahl@gmail.com>
To: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org

>
>
> On 10 December 2015 at 01:48, alvin nanog <nanogml@mail.ddos-mitigator.net
> > wrote:
>
>> what app do yu have that talks to port 1900 ?
>>
>
> UDP 1900 is a "Chargen" UDP reflection attack. The DNS and NTP packets are
> also from a reflection attack.
>
>
Sorry I was made aware that UDP 1900 is SSDP. We still block it :-) To my
knowledge there is no real use case for it and no user has ever complained
about that being blocked.

Regards,

Baldur


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[186317] in North American Network Operators' Group

Re: Ransom DDoS attack - need help!

daemon@ATHENA.MIT.EDU (Baldur Norddahl)Wed Dec 9 20:53:38 2015

daemon@ATHENA.MIT.EDU (Baldur Norddahl)
Wed Dec 9 20:53:38 2015