Educause Security Discussion mailing list archives

Re: QUIC application


From: John Kristoff <jtk () DEPAUL EDU>
Date: Wed, 4 Sep 2019 13:33:39 -0500

On Wed, 4 Sep 2019 16:09:39 +0000
"Irigoyen, Alex" <000000fdd1153508-dmarc-request () LISTSERV EDUCAUSE EDU>
wrote:

> As students settle in and we look at our increased traffic, we notice
> that QUIC is listed within the top applications used on the network.
> Curious if anyone is blocking QUIC to force Chrome to fail-back to
> TLS/SSL for better application visibility and control?

Do you care about those that do not block it?

It is practically all Google traffic.  We do not arbitrarily block that
or other new magic bit combinations unless they pose a threat we cannot
mitigate any other way.

However, on a related note.  Someone decided in my years-long hiatus to
apply some edge LAN protections on the Internet border.  This was
instantiated as a global UDP rate limit on Internet border routers.
Whoever put that there is probably long gone and did it for probably good
intentions, but reasoning unknown and probably faulty.  At some point
our traffic levels to Google and some gaming networks started hitting
that threshold.  Took a little bit of detective work to figure out what
was happening until we "fixed" that rate limit.

ObHistory for those that might not have experienced it, UDP/80 was
often associated with DoS attacks.  Usually from a simple Perl script
that could have fit into one line, often found on Solaris boxes running
as an unprivileged user.  Old timers probably remember seeing ./udp.pl
processes on compromised boxes in a tmp directory.

John
