nanog mailing list archives

Re: Over a decade of DDOS--any progress yet?


From: Jack Bates <jbates () brightok net>
Date: Wed, 08 Dec 2010 10:17:44 -0600



On 12/8/2010 10:13 AM, Drew Weaver wrote:
The most common attacks that I have seen over the last 12 months, and let's say I have seen a fair share, have been easily detectable by the source network.

It is either protocol 17 (UDP) dst port 80 or UDP Fragments (dst port 0..)

What valid application actually uses UDP 80?

You could literally wipe out a large amount of these attacks by simply filtering this.

-Drew

You mean silly things like:

Warning, it is an 87160 line flow capture.

http://www.brightok.net/~abuse/ddos/flows.txt


Jack
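
The source-network check discussed in this thread (protocol 17 to destination port 80, or UDP fragments that a flow exporter reports as destination port 0), sketched as detection logic over flow records. This is an added example, not part of either post and not derived from the linked capture. The CSV column layout, the sample records, and the `min_packets` threshold are assumptions; the threshold is there so that occasional legitimate fragments are not flagged.

```python
import csv
import io
from collections import defaultdict

# Constructed sample flow records (not taken from the linked capture).
# Assumed columns: src_ip, dst_ip, protocol, src_port, dst_port, packets, bytes
SAMPLE_FLOWS = """\
192.0.2.10,198.51.100.7,17,40312,80,90000,126000000
192.0.2.10,198.51.100.7,17,0,0,45000,67500000
192.0.2.11,203.0.113.5,6,51544,80,12,9400
192.0.2.12,203.0.113.53,17,33012,53,2,180
192.0.2.13,198.51.100.7,17,50000,80,3,360
192.0.2.14,203.0.113.9,17,0,0,4,5920
"""

UDP = 17  # IP protocol number for UDP

def classify(proto, dst_port):
    """Return the suspect category for one flow, or None if it matches neither pattern."""
    if proto != UDP:
        return None
    if dst_port == 80:
        return "udp-dst-80"
    if dst_port == 0:
        return "udp-fragment"  # non-initial fragments carry no L4 header, so port is 0
    return None

def suspect_sources(flow_text, min_packets=1000):
    """Aggregate suspect UDP flows per (src, dst); keep pairs at or above min_packets."""
    totals = defaultdict(lambda: {"packets": 0, "bytes": 0, "kinds": set()})
    for row in csv.reader(io.StringIO(flow_text)):
        if len(row) != 7:
            continue  # skip blank or malformed lines instead of aborting the run
        src, dst, proto, _sport, dport, pkts, octets = row
        kind = classify(int(proto), int(dport))
        if kind is None:
            continue
        entry = totals[(src, dst)]
        entry["packets"] += int(pkts)
        entry["bytes"] += int(octets)
        entry["kinds"].add(kind)
    return {k: v for k, v in totals.items() if v["packets"] >= min_packets}

if __name__ == "__main__":
    for (src, dst), t in suspect_sources(SAMPLE_FLOWS).items():
        print(src, "->", dst, sorted(t["kinds"]), t["packets"], "pkts", t["bytes"], "bytes")
```
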

