On 02/14/2014 09:02 AM, Giles Davis wrote:
> Nick Hilliard wrote:
>> It really is, but bear in mind that a single 1GE connection with
>> no urpf can be used to create ~250-300G of backscatter traffic.
>>
>> This means that there's only a requirement to have a single
>> unscrupulous or incompetent
On 02/14/2014 06:54 AM, Giles Davis wrote:
> Keith Mitchell wrote:
>> But it's not just about NTP and DNS, pretty much any UDP-based service
>> that can do amplification is in play, e.g. SNMP, Chargen and I've even
>> seen "QOTD" (UDP 17).
>> Universal BCP38 source address validation is needed more
Nick Hilliard wrote:
> It really is, but bear in mind that a single 1GE connection with no urpf
> can be used to create ~250-300G of backscatter traffic.
>
> This means that there's only a requirement to have a single unscrupulous or
> incompetent ISP with GE in the world to allow a devastating DoS
On 14/02/2014 11:54, Giles Davis wrote:
> Keith Mitchell wrote:
>> Universal BCP38 source address validation is needed more badly than ever :-(
>>
> It really is.
It really is, but bear in mind that a single 1GE connection with no urpf
can be used to create ~250-300G of backscatter traffic.
Th
Keith Mitchell wrote:
> But it's not just about NTP and DNS, pretty much any UDP-based service
> that can do amplification is in play, e.g. SNMP, Chargen and I've even
> seen "QOTD" (UDP 19).
>
>
>
> Universal BCP38 source address validation is needed more badly than ever :-(
>
It really is. Gla
On 13/02/2014 18:04, Robin Williams wrote:
> It'd also be good to discuss merging data from these projects into
> an upstream 'open-generalbadstuff-project'.
shadowserver are putting some source of open dns resolvers into their
reports and I'm sure t
--- peter.kn...@ccsleeds.co.uk wrote:
From: Peter Knapp
It would also be useful to be able to run resolver scans via ASN or larger
block reports too. Limited to a /22 takes a fair old while.
-
For the NTP thingie, use this:
http://openn
: Keith Mitchell
Cc: uknof@lists.uknof.org.uk
Subject: Re: [uknof] DNS/NTP , a solution !
On 13/02/14 17:14, Keith Mitchell wrote:
> On 02/12/2014 06:37 PM, Wright, Matthew wrote:
>> List of open NTP servers from http://openntpproject.org/
> Also http://www.openresolverproject.org
>
>
On 02/13/2014 01:04 PM, Robin Williams wrote:
> It'd be nice to be able to automatically pull the full lists from
> these various scanning projects to use in statistical analysis as
> part of DDoS mitigation (i.e. if my traffic has just shot up and the
> majority of it is coming from IPs listed
On 13/02/14 17:14, Keith Mitchell wrote:
On 02/12/2014 06:37 PM, Wright, Matthew wrote:
List of open NTP servers from http://openntpproject.org/
Also http://www.openresolverproject.org
But it's not just about NTP and DNS, pretty much any UDP-based service
that can do amplification is in play,
On 02/12/2014 06:37 PM, Wright, Matthew wrote:
> List of open NTP servers from http://openntpproject.org/
Also http://www.openresolverproject.org
But it's not just about NTP and DNS, pretty much any UDP-based service
that can do amplification is in play, e.g. SNMP, Chargen and I've even
seen "QOTD
On 12/02/2014 23:07, Robin Williams wrote:
> Interesting timing - we've also been seeing a big increase in the
> same over the last few weeks, mainly targeting schools from
> automated (& cheap!) online 'booter' services (presumably
> instigated by s
Sent: 12 February 2014 23:28
To: robin.willi...@tnp.net.uk
Cc: uknof@lists.uknof.org.uk
Subject: Re: [uknof] DNS/NTP , a solution !
Hi Robin,
On 12 Feb 2014, at 23:07, Robin Williams wrote:
> Interesting timing - we've also been seeing a big increase in the same over
> the last few we
Hi Robin,
On 12 Feb 2014, at 23:07, Robin Williams wrote:
> Interesting timing - we've also been seeing a big increase in the same over
> the last few weeks, mainly targeting schools from automated (& cheap!)
> online 'booter' services (presumably instigated by students who have had
> enough
Hi Thomas,
Interesting timing - we've also been seeing a big increase in the same
over the last few weeks, mainly targeting schools from automated (&
cheap!) online 'booter' services (presumably instigated by students who
have had enough of their IT lessons). We've also been forced to script
As I have been asked off-line quite a few times :
We wrote it to complement NFSEN. You can only search NFSEN once the data has
been fully analysed.
It means that most of the time you have to wait a few minutes.
We were seeing 15 min DDoS, at least twice a day. By the time we had identified
the D
Hello,
Because :
- Exa has been under attack way too much these last weeks
- We hate to have to deal with it
Because:
- Andrisoft seems cool but does not do FlowSpec
- Arbor is known for its price (and features)
- I am from Yorkshire (How much do you pay me to find bugs in your shiny
appli