Over a decade of DDOS--any progress yet?

Michael Costello mc3401 at columbia.edu
Wed Dec 8 16:58:46 UTC 2010


On Wed, 8 Dec 2010 11:13:01 -0500
Drew Weaver <drew.weaver at thenap.com> wrote:

> The most common attacks that I have seen over the last 12 months, and
> let's say I have seen a fair share, have been easily detectable by the
> source network.
> 
> It is either protocol 17 (UDP) dst port 80 or UDP Fragments (dst port
> 0..)
> 
> What valid application actually uses UDP 80?

The Cisco NAC client for Macs, for the purpose of "VLAN change
detection", sends UDP/80 packets to the host's reversed default
gateway (i.e., if the actual gateway is 1.2.3.4, it sends the packets
to 4.3.2.1) once every five seconds.

mc
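
An added example, not part of the original post: one way a source network could separate the NAC keepalives described above from other UDP/80 traffic before alerting on or filtering it. The flow tuple layout, the 1.2.3.0/24 subnet, the tolerance and the sample flows are assumptions constructed for illustration; only the 1.2.3.4 to 4.3.2.1 reversal and the five-second interval come from the post.

```python
import ipaddress
from collections import defaultdict

def reversed_ip(addr):
    """Reverse the octets of an IPv4 address: 1.2.3.4 -> 4.3.2.1."""
    return ".".join(reversed(str(ipaddress.IPv4Address(addr)).split(".")))

def classify_udp80(flows, gateways, period=5.0, tolerance=1.0):
    """Separate NAC-like UDP/80 keepalives from other UDP/80 traffic.

    flows:    (timestamp, src_ip, dst_ip, ip_proto, dst_port) tuples (assumed layout)
    gateways: {source subnet CIDR: default gateway}, e.g. from site inventory
    Returns (set of (src, dst) pairs that look like NAC, list of remaining flows).
    """
    nets = [(ipaddress.ip_network(n), gw) for n, gw in gateways.items()]
    candidates, other = defaultdict(list), []
    for ts, src, dst, proto, dport in flows:
        if proto != 17 or dport != 80:
            continue  # only UDP to port 80 is of interest here
        gw = next((g for n, g in nets if ipaddress.ip_address(src) in n), None)
        if gw is not None and dst == reversed_ip(gw):
            candidates[(src, dst)].append(ts)
        else:
            other.append((ts, src, dst))
    nac_like = set()
    for pair, stamps in candidates.items():
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        # Require a steady ~5 s cadence; a lone packet or a burst stays suspect.
        if gaps and all(abs(g - period) <= tolerance for g in gaps):
            nac_like.add(pair)
        else:
            other.extend((ts, *pair) for ts in stamps)
    return nac_like, other

# Constructed sample data: gateway 1.2.3.4 is the post's example, the rest is invented.
GATEWAYS = {"1.2.3.0/24": "1.2.3.4"}
SAMPLE_FLOWS = [
    (0.0, "1.2.3.50", "4.3.2.1", 17, 80), (5.0, "1.2.3.50", "4.3.2.1", 17, 80),
    (10.1, "1.2.3.50", "4.3.2.1", 17, 80), (15.0, "1.2.3.50", "4.3.2.1", 17, 80),
    (0.00, "1.2.3.77", "198.51.100.9", 17, 80), (0.01, "1.2.3.77", "198.51.100.9", 17, 80),
    (0.0, "1.2.3.60", "4.3.2.1", 17, 80), (0.1, "1.2.3.60", "4.3.2.1", 17, 80),
    (1.0, "1.2.3.50", "198.51.100.9", 6, 80),  # TCP/80, ignored
]

if __name__ == "__main__":
    nac, rest = classify_udp80(SAMPLE_FLOWS, GATEWAYS)
    print("NAC-like pairs:", sorted(nac))
    print("UDP/80 flows still worth a look:", len(rest))
```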




