On 31 Aug 2018, at 23:53, Lotia, Pratik M wrote:
Instead of rtbh I would suggest blocking/rate limiting common ports used in DDoS attacks.
This isn't an 'instead of', it's an 'in addition to'. And it must be done judiciously; many operators doing this have concentrated on common port-pairs observed in UDP reflection/amplification attacks.
It's important to understand that any kind of packet of any protocol/ports (if such concepts apply on the protocol in question) can be used to launch DDoS attacks.
We've many tools in the toolbox, and should use them in a situationally-appropriate manner. And when we're using techniques like QoSing down certain ports/protocols, we must err on the side of caution, lest we cause larger problems than the attacks themselves.
----------------------------------- Roland Dobbins <rdobb...@arbor.net>
