[193171] in North American Network Operators' Group
Re: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack
daemon@ATHENA.MIT.EDU (Ken Chase)
Thu Dec 22 11:04:18 2016
X-Original-To: nanog@nanog.org
Date: Thu, 22 Dec 2016 11:04:14 -0500
From: Ken Chase <math@sizone.org>
To: NANOG <nanog@nanog.org>
In-Reply-To: <CAL9Qcx5qASMn1yZ+ud02nuuCtkN_iXrCMW=fQkyEv2E3+oVRfA@mail.gmail.com>
Errors-To: nanog-bounces@nanog.org
Maybe he's found what's already known and posted 2 months ago (and every 2 months?)
on nanog, the TCP 98,000x amplifier (which is a little higher than 100x), among
dozens of misbehaving devices, all >200x amp.
https://www.usenix.org/system/files/conference/woot14/woot14-kuhrer.pdf
(Table 1's 'total load risk', (not calculated; Im using potential #hosts * amp factor)
shows that each protocol listed curiously all have similar values, within 40%.
Little too curious, in fact. I'd expect distribution across a few magnitudes.)
/kc
--
Ken Chase - math@sizone.org Guelph Canada
