[Tier1 ISP]: Vulnerable to a new DDoS amplification attack

Ken Chase math at sizone.org
Thu Dec 22 16:04:14 UTC 2016


Maybe he's found what's already known and posted 2 months ago (and every 2 months?)
on nanog, the TCP 98,000x amplifier (which is a little higher than 100x), among
dozens of misbehaving devices, all >200x amp. 

 https://www.usenix.org/system/files/conference/woot14/woot14-kuhrer.pdf

(Table 1's 'total load risk', (not calculated; Im using potential #hosts * amp factor)
shows that each protocol listed curiously all have similar values, within 40%.
Little too curious, in fact. I'd expect distribution across a few magnitudes.)

/kc
--
Ken Chase - math at sizone.org Guelph Canada


More information about the NANOG mailing list