20-30Gbps UDP 1720 traffic appearing to originate from CN in last 24 hours

• Previous message (by thread): 20-30Gbps UDP 1720 traffic appearing to originate from CN in last 24 hours
• Next message (by thread): 20-30Gbps UDP 1720 traffic appearing to originate from CN in last 24 hours
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 20 Jul 2015, at 18:12, Drew Weaver wrote:

> Ah, alright. I've seen the "general" amplification attacks 
> SNMP/DNS/NTP/you name it, plenty but this is the first one I've ever 
> seen one that targeted 1720/5060 and as its mitigated in one place it 
> keeps moving from dst to dst fairly rapidly until none of the dst ips 
> are available.

What source ports and breadth of purported source IPs?  I'm not sure 
this is reflection/amplification attack, it may be a straight packeting 
of H.323 systems.

-----------------------------------
Roland Dobbins <rdobbins at arbor.net>

• Previous message (by thread): 20-30Gbps UDP 1720 traffic appearing to originate from CN in last 24 hours
• Next message (by thread): 20-30Gbps UDP 1720 traffic appearing to originate from CN in last 24 hours
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]