20-30Gbps UDP 1720 traffic appearing to originate from CN in last 24 hours
Roland Dobbins
rdobbins at arbor.net
Mon Jul 20 18:49:54 UTC 2015
On 20 Jul 2015, at 18:12, Drew Weaver wrote:
> Ah, alright. I've seen the "general" amplification attacks
> SNMP/DNS/NTP/you name it, plenty but this is the first one I've ever
> seen one that targeted 1720/5060 and as its mitigated in one place it
> keeps moving from dst to dst fairly rapidly until none of the dst ips
> are available.
What source ports and breadth of purported source IPs? I'm not sure
this is reflection/amplification attack, it may be a straight packeting
of H.323 systems.
-----------------------------------
Roland Dobbins <rdobbins at arbor.net>
More information about the NANOG
mailing list