Over a decade of DDOS--any progress yet?

Michael Costello mc3401 at columbia.edu
Sat Dec 11 21:27:44 UTC 2010


On Fri, 10 Dec 2010 15:32:10 -0500
Drew Weaver <drew.weaver at thenap.com> wrote:

> I should've "qualified" my question by saying "What valid application
> which traverses the Internet and could be seen at the edge of a
> network actually uses UDP 80?"

I'll grant that my response was a bit pedantic: there is no
legitimate reason for such traffic to leave a network.

> I can't imagine there is too much Cisco NAC client for macs carrying
> on over the Internet, although I have been wrong in the past.

I imagine you're right, and that any network that detects any
significant amount would be one whose first octet is a common
fourth-octet-of-a-gateway (1, 65, 129, etc).

mc




More information about the NANOG mailing list