Over a decade of DDOS--any progress yet?
Michael Costello
mc3401 at columbia.edu
Sat Dec 11 21:27:44 UTC 2010
On Fri, 10 Dec 2010 15:32:10 -0500
Drew Weaver <drew.weaver at thenap.com> wrote:
> I should've "qualified" my question by saying "What valid application
> which traverses the Internet and could be seen at the edge of a
> network actually uses UDP 80?"
I'll grant that my response was a bit pedantic: there is no
legitimate reason for such traffic to leave a network.
> I can't imagine there is too much Cisco NAC client for macs carrying
> on over the Internet, although I have been wrong in the past.
I imagine you're right, and that any network that detects any
significant amount would be one whose first octet is a common
fourth-octet-of-a-gateway (1, 65, 129, etc).
mc
More information about the NANOG
mailing list