20-30Gbps UDP 1720 traffic appearing to originate from CN in last 24 hours

Curtis Maurand cmaurand at xyonet.com
Tue Jul 21 16:33:16 UTC 2015



On 7/21/2015 8:43 AM, Jared Mauch wrote:
> On Tue, Jul 21, 2015 at 08:09:56AM -0400, Curtis Maurand wrote:
>> DNS is still largely UDP.
> 	Water is also still wet :) - but you may not be doing 10% of your
> links as UDP/53.
>
> 	DNS can also use TCP as well, including sending more than one
> query in a pipelined fashion.
>
> 	The challenge that Cameron is trying to document here
> is when seeing large volumes of UDP it becomes necessary to do
> something to keep the network up.  This response is frustrating for those
> of us who prefer to have a unfiltered e2e network but maintaining
> the network as up in the face of these adverse conditions is important.
>
> 	- Jared
Point well taken.

-Curtis
>> --Curtis
>>
>> On 7/20/2015 5:40 PM, Ca By wrote:
>>> Folks, it may be time to  take the next step and admit that UDP is too
>>> broken to support
>>>
>>> https://tools.ietf.org/html/draft-byrne-opsec-udp-advisory-00
>>>
>>> Your comments have been requested
>>>
>>>
>>>
>>> On Mon, Jul 20, 2015 at 8:57 AM, Drew Weaver <drew.weaver at thenap.com> wrote:
>>>
>>>> Has anyone else seen a massive amount of illegitimate UDP 1720 traffic
>>>> coming from China being sent towards IP addresses which provide VoIP
>>>> services?
>>>>
>>>> I'm talking in the 20-30Gbps range?
>>>>
>>>> The first incident was yesterday at around 13:00 EST, the second incident
>>>> was today at 09:00 EST.
>>>>
>>>> I'm assuming this is just another DDoS like all others, but I would be
>>>> interested to hear if I am not the only one seeing this.
>>>>
>>>> On list or off-list is fine.
>>>>
>>>> Thanks,
>>>> -Drew
>>>>
>>>>
>> -- 
>> Best Regards
>> Curtis Maurand
>> Principal
>> Xyonet Web Hosting
>> mailto:cmaurand at xyonet.com
>> http://www.xyonet.com

-- 
Best Regards
Curtis Maurand
Principal
Xyonet Web Hosting
mailto:cmaurand at xyonet.com
http://www.xyonet.com




More information about the NANOG mailing list