20-30Gbps UDP 1720 traffic appearing to originate from CN in last 24 hours

Pavel Odintsov pavel.odintsov at gmail.com
Tue Jul 21 11:55:22 UTC 2015


Hello, folks!

Could anybody run my toolkit https://github.com/FastVPSEestiOu/fastnetmon with the
collect_attack_pcap_dumps = on option against this attack type?

With a pcap dump we could do a detailed analysis and share all details with
the community.

On Tue, Jul 21, 2015 at 2:16 PM, Jared Mauch <jared at puck.nether.net> wrote:
>
>         I'm reminded of the "the russians are hacking our water system"
> stories from a few years back, when it turned out the water system
> administrator was on vacation in russia.
>
>         often traffic comes from unexpected locations.  perhaps you
> should fail-closed with good business practices to open things up.
> perhaps you fail-open then mitigate risk by using a blocklist.
>
>         my suggestion is that if you didn't live through the days
> of the bogon lists, which were later allocated to RIRs, a block
> list is likely not the right approach if you're truly working on
> security posture.
>
>         - Jared
>
> On Mon, Jul 20, 2015 at 09:50:44PM +0100, Colin Johnston wrote:
>> blocking to mitigate risk is a better trade off gaining better percentage legit traffic against an inadvertent minor valid good network range.
>>
>>
>> Sent from my iPhone
>>
>> > On 20 Jul 2015, at 21:20, Valdis.Kletnieks at vt.edu wrote:
>> >
>> > On Mon, 20 Jul 2015 21:12:33 +0100, Colin Johnston said:
>> >> source user to use phone contact and or postal service to establish contact
>> >
>> > And your phone and postal addresses are listed *where* that Joe Aussie-Sixpack
>> > is likely to be able to find?
>> >
>> > (Hint 1: If it's on your website, they can't find it.)
>> >
>> > (Hint 2: Mortal users have never heard of WHOIS or similar services)
>> >
>> > And what are the chances that after 3-4 days of unreachable, the user will
>> > simply conclude you've gone out of business and you've lost a customer/reader
>> > to a competitor?
>
> --
> Jared Mauch  | pgp key available via finger from jared at puck.nether.net
> clue++;      | http://puck.nether.net/~jared/  My statements are only mine.



-- 
Sincerely yours, Pavel Odintsov
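The thread asks for a pcap of the UDP/1720 flood so its characteristics can be analysed and shared. The following is an added example, not part of the original mail or of the fastnetmon project: a stdlib-only Python reader for a classic libpcap capture (Ethernet link type) that filters UDP datagrams to a given destination port and summarises them by source address, source /24, on-wire packet size and number of distinct source ports. That profile (a handful of sources or a flat spread, fixed or varied sizes, random versus fixed source ports) is what a defender wants before deciding on a block list, a rate limit or an upstream filter. The sample capture is constructed inline with documentation addresses (203.0.113.0/24, 198.51.100.0/24, 192.0.2.10); the function names and the `build_pcap`/`build_udp_frame` helpers are my own and are not fastnetmon's API.

```python
import struct
from collections import Counter
from ipaddress import ip_address, ip_network

PCAP_MAGIC_LE = 0xa1b2c3d4   # little-endian classic pcap magic
LINKTYPE_ETHERNET = 1
H323_PORT = 1720             # H.225/H.323 call signalling, the port in the thread


def build_udp_frame(src_ip, dst_ip, sport, dport, payload):
    """Constructed sample frame: Ethernet + IPv4 + UDP, checksums left zero."""
    eth = b'\x00' * 12 + b'\x08\x00'               # dummy MACs, EtherType IPv4
    udp_len = 8 + len(payload)
    ip_hdr = struct.pack('!BBHHHBBH4s4s', 0x45, 0, 20 + udp_len, 0, 0, 64, 17, 0,
                         ip_address(src_ip).packed, ip_address(dst_ip).packed)
    udp_hdr = struct.pack('!HHHH', sport, dport, udp_len, 0)
    return eth + ip_hdr + udp_hdr + payload


def build_pcap(frames, base_ts=1437479722):
    """Constructed sample capture: wrap raw frames in a little-endian pcap file."""
    out = [struct.pack('<IHHiIII', PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)]
    for i, frame in enumerate(frames):
        out.append(struct.pack('<IIII', base_ts + i, 0, len(frame), len(frame)))
        out.append(frame)
    return b''.join(out)


def iter_udp(pcap_bytes):
    """Yield (ts_sec, src, dst, sport, dport, orig_len) for each IPv4/UDP frame."""
    magic, = struct.unpack_from('<I', pcap_bytes, 0)
    endian = '<' if magic == PCAP_MAGIC_LE else '>'
    link_type = struct.unpack_from(endian + 'I', pcap_bytes, 20)[0]
    if link_type != LINKTYPE_ETHERNET:
        raise ValueError('only Ethernet captures are handled here')
    off = 24
    while off + 16 <= len(pcap_bytes):
        ts_sec, _ts_usec, incl_len, orig_len = struct.unpack_from(endian + 'IIII', pcap_bytes, off)
        off += 16
        frame = pcap_bytes[off:off + incl_len]
        off += incl_len
        if len(frame) < 14 or frame[12:14] != b'\x08\x00':   # not IPv4
            continue
        ihl = (frame[14] & 0x0f) * 4
        if len(frame) < 14 + ihl + 8 or frame[14 + 9] != 17:  # truncated or not UDP
            continue
        src = ip_address(frame[14 + 12:14 + 16])
        dst = ip_address(frame[14 + 16:14 + 20])
        sport, dport = struct.unpack_from('!HH', frame, 14 + ihl)
        yield ts_sec, src, dst, sport, dport, orig_len


def summarize(pcap_bytes, dport=H323_PORT):
    """Profile UDP traffic to dport: who sends it, from which /24s, how big, how many sports."""
    sources, prefixes, sizes, sports = Counter(), Counter(), Counter(), Counter()
    total = 0
    for _ts, src, _dst, sport, dp, orig_len in iter_udp(pcap_bytes):
        if dp != dport:
            continue
        total += 1
        sources[str(src)] += 1
        prefixes[str(ip_network(f'{src}/24', strict=False))] += 1
        sizes[orig_len] += 1
        sports[sport] += 1
    return {
        'packets': total,
        'top_sources': sources.most_common(5),
        'top_prefixes': prefixes.most_common(5),
        'sizes': sizes.most_common(3),
        'distinct_sports': len(sports),
    }


# Constructed sample: four 1000-byte datagrams from one /24, one small one from
# another, plus a DNS datagram that must be ignored by the port filter.
SAMPLE_PCAP = build_pcap([
    build_udp_frame('203.0.113.5', '192.0.2.10', 40000, H323_PORT, b'\x00' * 1000),
    build_udp_frame('203.0.113.5', '192.0.2.10', 40001, H323_PORT, b'\x00' * 1000),
    build_udp_frame('203.0.113.5', '192.0.2.10', 40002, H323_PORT, b'\x00' * 1000),
    build_udp_frame('203.0.113.9', '192.0.2.10', 40003, H323_PORT, b'\x00' * 1000),
    build_udp_frame('198.51.100.7', '192.0.2.10', 40004, H323_PORT, b'\x00' * 64),
    build_udp_frame('198.51.100.7', '192.0.2.10', 40005, 53, b'\x00' * 32),
])

if __name__ == '__main__':
    for key, value in summarize(SAMPLE_PCAP).items():
        print(f'{key}: {value}')
```

To run it on a real fastnetmon dump, replace SAMPLE_PCAP with the file contents (`open(path, 'rb').read()`); captures written as pcapng or with a non-Ethernet link type are rejected by the reader rather than silently misparsed.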