udp fragments, 1472 bytes payload
tme at multicasttech.com
Wed Aug 15 11:26:17 UTC 2007
On Aug 15, 2007, at 2:01 AM, Leigh Porter wrote:
> I guess if they are from different source addresses, varying UDP
> ports etc and the total bandwidth in infeasible for a typical video
I was quite serious.
I run a video streaming site, AmericaFree.TV.
Most of our packets are 1450 bytes, because that is the limit set to
avoid MTU issues. (We also multicast, with the same packet size, and
tunnels can be an MTU issue.)
We from time to time get emails claiming that rogue machines here are
conducting a DOS against some network, please stop, etc. Upon
investigation, every one of these has been someone (or several
someones) joining a unicast video stream and watching the 3 Stooges
or another video program, as shown by my server logs.
But, you do raise a good point :
_Are_ these packets from different ports, different IP addresses ?
What is the total bandwidth consumed ?
Are they truly packet fragments ?
> Thankfully it sounds quite easy to build a filter for.
Just please don't filter out all video !
> Marshall Eubanks wrote:
>> Are you sure you don't have a customer watching streaming video ?
>> On Aug 14, 2007, at 7:20 PM, Miguel Mata wrote:
>>> I'm being attacked with UDP fragments having a payload 1472
>>> bytes. Seems
>>> like a DDoS that only likes to suck bandwidth.
>>> Anyone on the same coaster? drop me a line.
>>> Miguel Mata
>>> Gerente de Operaciones
>>> Intercom El Salvador
>>> mmata at intercom.com.sv
>>> voz: ++(503) 2278-5068
>>> fax: ++(503) 2265-7024
>>> "Intercom, sus Telecomunicaciones en buenas manos"
More information about the NANOG