Over a decade of DDOS--any progress yet?

Jeffrey Lyon jeffrey.lyon at blacklotus.net
Wed Dec 8 16:30:15 UTC 2010


We see a lot of the UDP dest 0. Depending on what you're
hosting/protecting you can ACL a lot of the unneeded ports and
protocols (easy) then focus on using appliances (commercially
available or home grown if you're so inclined) to identify and scrub
out the ambiguous traffic (a lot more difficult).

Jeff


On Wed, Dec 8, 2010 at 11:17 AM, Jack Bates <jbates at brightok.net> wrote:
>
>
> On 12/8/2010 10:13 AM, Drew Weaver wrote:
>>
>> The most common attacks that I have seen over the last 12 months, and
>> let's say I have seen a fair share have been easily detectable by the source
>> network.
>>
>> It is either protocol 17 (UDP) dst port 80 or UDP Fragments (dst port 0..)
>>
>> What valid application actually uses UDP 80?
>>
>> You could literally wipe out a large amount of these attacks by simply
>> filtering this.
>>
>> -Drew
>
> You mean silly things like:
>
> Warning, it is an 87160 line flow capture.
>
> http://www.brightok.net/~abuse/ddos/flows.txt
>
>
> Jack
>



-- 
Jeffrey Lyon, Leadership Team
jeffrey.lyon at blacklotus.net | http://www.blacklotus.net
Black Lotus Communications - AS32421
First and Leading in DDoS Protection Solutions
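The two-stage approach Jeff describes above (ACL the easy cases such as UDP dst 80 and UDP fragments reported with dst port 0, then hand the rest to a scrubber) can be checked against a flow export before the ACL goes in. The script below is an added example, not code from the thread, from Black Lotus or from the flows.txt capture Jack linked; the sample records are constructed, the needed-UDP-port set ({53}, a host that also serves DNS) is an assumption, and the iptables lines stand in for whatever router or appliance ACL syntax you actually use. Port 0 in a flow record is taken to mean a non-initial fragment, which carries no UDP header.

```python
# Added example: triage flow records into "drop with a stateless ACL"
# versus "needs a scrubbing appliance". Not part of the original thread.
from collections import defaultdict
from dataclasses import dataclass

ALLOWED_PROTOS = frozenset({1, 6, 17})   # ICMP, TCP, UDP; anything else is ACL fodder
NEEDED_UDP_PORTS = frozenset({53})       # assumption: the protected host serves DNS


@dataclass(frozen=True)
class Flow:
    proto: int
    src: str
    sport: int
    dst: str
    dport: int
    packets: int
    octets: int


# Constructed sample in a plain "proto src sport dst dport packets bytes"
# layout. It is NOT the 87160-line flows.txt capture referenced above.
SAMPLE_FLOWS = """\
17 198.51.100.10 53 192.0.2.5 80 1200 1536000
17 198.51.100.11 1024 192.0.2.5 80 980 1254400
17 198.51.100.12 0 192.0.2.5 0 3000 4380000
17 203.0.113.7 53 192.0.2.5 41023 2 610
6 203.0.113.8 44512 192.0.2.5 80 12 9000
17 203.0.113.9 2099 192.0.2.5 53 400 26000
1 203.0.113.10 0 192.0.2.5 0 5 420
47 203.0.113.11 0 192.0.2.5 0 50 6000
"""


def parse_flows(text):
    """Parse whitespace-separated flow lines; skip anything that is not 7 fields."""
    flows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 7:
            continue
        proto, src, sport, dst, dport, packets, octets = fields
        flows.append(Flow(int(proto), src, int(sport), dst, int(dport),
                          int(packets), int(octets)))
    return flows


def classify(flow, needed_udp_ports=NEEDED_UDP_PORTS):
    """Return 'acl-drop', 'pass' or 'scrub' for one flow."""
    if flow.proto not in ALLOWED_PROTOS:
        return "acl-drop"               # e.g. GRE at a web host: nobody needs it
    if flow.proto != 17:
        return "pass"                   # TCP/ICMP are handled by other policy
    if flow.dport == 0:
        # Flow exporters report 0/0 for non-initial fragments because the
        # UDP header only exists in the first fragment.
        return "acl-drop"
    if flow.dport == 80:
        return "acl-drop"               # no legitimate service expected on UDP/80
    if flow.dport in needed_udp_ports:
        return "pass"
    return "scrub"                      # ambiguous: replies, NTP, etc. need inspection


def summarize(flows, needed_udp_ports=NEEDED_UDP_PORTS):
    """Aggregate flow/packet/byte counts per category so the ACL's payoff is visible."""
    totals = defaultdict(lambda: {"flows": 0, "packets": 0, "octets": 0})
    for f in flows:
        bucket = totals[classify(f, needed_udp_ports)]
        bucket["flows"] += 1
        bucket["packets"] += f.packets
        bucket["octets"] += f.octets
    return dict(totals)


def render_acl():
    """The 'easy' stage as iptables rules (a stand-in for your router ACL syntax).
    Everything not dropped here still flows on to the scrubber."""
    return [
        "iptables -A INPUT -f -j DROP",                  # second and later fragments
        "iptables -A INPUT -p udp --dport 80 -j DROP",   # UDP/80 has no legitimate user
    ]


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    for cat, t in sorted(summarize(flows).items()):
        print(f"{cat:9s} flows={t['flows']:3d} packets={t['packets']:6d} bytes={t['octets']}")
    print("\n".join(render_acl()))
```

Run it against a real export (nfdump or flow-tools output reshaped into the seven columns) and the "acl-drop" bucket tells you how much of the attack the cheap filter removes; the "scrub" bucket is the volume your appliance still has to absorb. Two caveats: the fragment rule also discards legitimately fragmented UDP such as large EDNS0 responses, so measure before deploying it; and a stateless ACL cannot tell a DNS reply to your own resolver (the 203.0.113.7 record) from junk, which is exactly why that traffic lands in "scrub" rather than being dropped.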