nanog mailing list archives

RE: Over a decade of DDOS--any progress yet?

From: Drew Weaver <drew.weaver () thenap com>
Date: Fri, 10 Dec 2010 15:32:10 -0500

I should've "qualified" my question by saying "What valid application which traverses the Internet and could be seen at 
the edge of a network actually uses UDP 80?"

I can't imagine there is too much Cisco NAC client for macs carrying on over the Internet, although I have been wrong 
in the past.

-Drew


-----Original Message-----
From: Michael Costello [mailto:mc3401 () columbia edu] 
Sent: Wednesday, December 08, 2010 11:59 AM
To: nanog () nanog org
Subject: Re: Over a decade of DDOS--any progress yet?

On Wed, 8 Dec 2010 11:13:01 -0500
Drew Weaver <drew.weaver () thenap com> wrote:

The most common attacks that I have seen over the last 12 months, and
let's say I have seen a fair share have been easily detectable by the
source network.

It is either protocol 17 (UDP) dst port 80 or UDP Fragments (dst port
0..)

What valid application actually uses UDP 80?


The Cisco NAC client for Macs, for the purpose of "VLAN change
detection", sends UDP/80 packets to the host's reversed default
gateway (i.e., if the actual gateway is 1.2.3.4, it sends the packets
to 4.3.2.1) once every five seconds.

mc

Current thread:

Re: Over a decade of DDOS--any progress yet?, (continued)
- Re: Over a decade of DDOS--any progress yet? Arturo Servin (Dec 08)
  - Re: Over a decade of DDOS--any progress yet? Dobbins, Roland (Dec 08)
  - Re: Over a decade of DDOS--any progress yet? Jeffrey Lyon (Dec 08)
    - Re: Over a decade of DDOS--any progress yet? Arturo Servin (Dec 08)
    - Re: Over a decade of DDOS--any progress yet? Dobbins, Roland (Dec 08)
    - Re: Over a decade of DDOS--any progress yet? Jack Bates (Dec 08)
    - RE: Over a decade of DDOS--any progress yet? Drew Weaver (Dec 08)
    - Re: Over a decade of DDOS--any progress yet? Jack Bates (Dec 08)
    - Re: Over a decade of DDOS--any progress yet? Jeffrey Lyon (Dec 08)
    - Re: Over a decade of DDOS--any progress yet? Michael Costello (Dec 08)
    - RE: Over a decade of DDOS--any progress yet? Drew Weaver (Dec 10)
    - Re: Over a decade of DDOS--any progress yet? Michael Costello (Dec 11)
  - Re: Over a decade of DDOS--any progress yet? Chris Boyd (Dec 08)
    - Re: Over a decade of DDOS--any progress yet? Dobbins, Roland (Dec 08)
    - RE: Over a decade of DDOS--any progress yet? Drew Weaver (Dec 10)
- Re: Over a decade of DDOS--any progress yet? alvaro.sanchez () adinet com uy (Dec 08)