Protocol 17 floods from Vietnam & Mexico?

Matthew Smee matthew.smee at sydney.edu.au
Wed Sep 13 01:27:36 UTC 2017


Protocol 17 likely refers to UDP.

https://en.wikipedia.org/wiki/List_of_IP_protocol_numbers


-----Original Message-----
From: NANOG [mailto:nanog-bounces at nanog.org] On Behalf Of Large Hadron Collider
Sent: Wednesday, 13 September 2017 11:08 AM
To: nanog at nanog.org
Subject: Protocol 17 floods from Vietnam & Mexico?

18:04:32.391082 IP 138-122-97-251.internet.static.ientc.mx > umbrellix.net: ip-proto-17
18:04:32.391088 IP 138-122-97-251.internet.static.ientc.mx > umbrellix.net: ip-proto-17
18:04:32.391110 IP 115.75.50.106.35180 > umbrellix.net.10454: UDP, bad length 65500 > 1464
18:04:32.391145 IP 115.75.50.106 > umbrellix.net: ip-proto-17
18:04:32.391152 IP 115.75.50.106 > umbrellix.net: ip-proto-17
18:04:32.391158 IP 115.75.50.106 > umbrellix.net: ip-proto-17
18:04:32.391164 IP 115.75.50.106 > umbrellix.net: ip-proto-17
18:04:32.391170 IP 115.75.50.106 > umbrellix.net: ip-proto-17
18:04:32.391176 IP 115.75.50.106 > umbrellix.net: ip-proto-17
18:04:32.391182 IP 115.75.50.106 > umbrellix.net: ip-proto-17
18:04:32.391188 IP 115.75.50.106 > umbrellix.net: ip-proto-17
18:04:32.391194 IP 115.75.50.106 > umbrellix.net: ip-proto-17
18:04:32.391199 IP 115.75.50.106 > umbrellix.net: ip-proto-17
18:04:32.391205 IP 115.75.50.106 > umbrellix.net: ip-proto-17
18:04:32.391211 IP 115.75.50.106 > umbrellix.net: ip-proto-17
18:04:32.391217 IP 115.75.50.106 > umbrellix.net: ip-proto-17
18:04:32.391223 IP 115.75.50.106 > umbrellix.net: ip-proto-17
18:04:32.391229 IP 115.75.50.106 > umbrellix.net: ip-proto-17
18:04:32.391234 IP 115.75.50.106 > umbrellix.net: ip-proto-17
18:04:32.391248 IP 115.75.50.106 > umbrellix.net: ip-proto-17
18:04:32.391255 IP 115.75.50.106 > umbrellix.net: ip-proto-17
18:04:32.391261 IP 115.75.50.106 > umbrellix.net: ip-proto-17
18:04:32.391266 IP 115.75.50.106 > umbrellix.net: ip-proto-17
18:04:32.391272 IP 115.75.50.106 > umbrellix.net: ip-proto-17
18:04:32.391278 IP 115.75.50.106 > umbrellix.net: ip-proto-17
18:04:32.391284 IP 115.75.50.106 > umbrellix.net: ip-proto-17
18:04:32.391289 IP 115.75.50.106 > umbrellix.net: ip-proto-17
18:04:32.391295 IP 115.75.50.106 > umbrellix.net: ip-proto-17
18:04:32.391313 IP 115.75.50.106 > umbrellix.net: ip-proto-17
18:04:32.391319 IP 115.75.50.106 > umbrellix.net: ip-proto-17
18:04:32.391325 IP 115.75.50.106 > umbrellix.net: ip-proto-17
18:04:32.391331 IP 115.75.50.106 > umbrellix.net: ip-proto-17
18:04:32.391336 IP 115.75.50.106 > umbrellix.net: ip-proto-17
18:04:32.391342 IP 115.75.50.106 > umbrellix.net: ip-proto-17
18:04:32.391348 IP 115.75.50.106 > umbrellix.net: ip-proto-17
18:04:32.391354 IP 115.75.50.106 > umbrellix.net: ip-proto-17
18:04:32.391367 IP 115.75.50.106 > umbrellix.net: ip-proto-17
18:04:32.391374 IP 115.75.50.106 > umbrellix.net: ip-proto-17
18:04:32.391379 IP 115.75.50.106 > umbrellix.net: ip-proto-17
18:04:32.391385 IP 115.75.50.106 > umbrellix.net: ip-proto-17
18:04:32.391391 IP 115.75.50.106 > umbrellix.net: ip-proto-17
18:04:32.391396 IP 115.75.50.106 > umbrellix.net: ip-proto-17
18:04:32.391402 IP 115.75.50.106 > umbrellix.net: ip-proto-17
18:04:32.391408 IP 115.75.50.106 > umbrellix.net: ip-proto-17
18:04:32.391414 IP 115.75.50.106 > umbrellix.net: ip-proto-17
18:04:32.391420 IP 115.75.50.106 > umbrellix.net: ip-proto-17
18:04:32.391426 IP 115.75.50.106 > umbrellix.net: ip-proto-17

Some stupidity has me wondering... protocol 17? Huh?


Is this some attempt to exploit me while at the same time flooding me at over 800Mbit/s?


Needless to say, I've shut my computer down to avoid going over my data 
allowance.
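
Added example, not part of the original posts: a triage script for tcpdump text output like the capture quoted above. It groups lines by source, counts packets shown without ports (`ip-proto-17`), records the UDP length claimed in any `bad length` line, and estimates the packet rate; the sample lines and the names `summarize` and `packets_per_second` are constructed for this example.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the tcpdump text output quoted in the post.
SAMPLE = """\
18:04:32.391082 IP 138-122-97-251.internet.static.ientc.mx > umbrellix.net: ip-proto-17
18:04:32.391110 IP 115.75.50.106.35180 > umbrellix.net.10454: UDP, bad length 65500 > 1464
18:04:32.391145 IP 115.75.50.106 > umbrellix.net: ip-proto-17
18:04:32.391152 IP 115.75.50.106 > umbrellix.net: ip-proto-17
18:04:32.391158 IP 115.75.50.106 > umbrellix.net: ip-proto-17
"""

LINE = re.compile(r"^(\d\d):(\d\d):(\d\d\.\d+) IP (\S+) > (\S+): (.*)$")
BAD_LEN = re.compile(r"UDP, bad length (\d+) > (\d+)")
PROTO = re.compile(r"ip-proto-(\d+)$")


def summarize(text):
    """Per-source counters for a tcpdump text capture (hypothetical helper)."""
    stats = defaultdict(lambda: {"packets": 0, "no_ports": 0,
                                 "claimed_udp_len": 0, "first": None, "last": None})
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip wrapped or unrelated lines
        hh, mm, ss, src, _dst, info = m.groups()
        ts = int(hh) * 3600 + int(mm) * 60 + float(ss)
        bad = BAD_LEN.search(info)
        if bad:
            src = src.rsplit(".", 1)[0]  # UDP header was decoded: drop the source port
        s = stats[src]
        s["packets"] += 1
        s["first"] = ts if s["first"] is None else s["first"]
        s["last"] = ts
        proto = PROTO.search(info)
        if bad:
            s["claimed_udp_len"] = max(s["claimed_udp_len"], int(bad.group(1)))
        elif proto and proto.group(1) == "17":
            s["no_ports"] += 1  # protocol 17 (UDP) packet printed without ports
    return dict(stats)


def packets_per_second(s):
    """Average packet rate between the first and last line seen for one source."""
    span = s["last"] - s["first"]
    return (s["packets"] - 1) / span if span > 0 else 0.0
```

A `bad length` line followed by port-less `ip-proto-17` lines from the same source is what tcpdump prints for an IP-fragmented UDP datagram, since only the first fragment carries the UDP header.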
