nanog mailing list archives
Re: chargen is the new DDoS tool?
From: Leo Bicknell <bicknell () ufp org>
Date: Tue, 11 Jun 2013 14:13:15 -0500
On Jun 11, 2013, at 10:39 AM, Bernhard Schmidt <berni () birkenwald de> wrote:

> This seems to be something new. There aren't a lot of systems in our network responding to chargen, but those that do have a 15x amplification factor and generate more traffic than we have seen with abused open resolvers.

The number is non-zero? In 2013?

While blocking it at your border is probably a fine way of mitigating the problem, I would recommend doing an internal nmap scan for such things, finding the systems that respond, and talking with their owners.

Please report back to NANOG after talking to them letting us know if the owners were still using SunOS 4.x boxes for some reason, had accidentally enabled chargen, or if some malware had set up the servers. Inquiring minds would like to know!

--
Leo Bicknell - bicknell () ufp org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/
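The internal audit recommended in the message above, as an added Python example that is not part of the original post: it sends one datagram to each listed internal host and reports which ones answer, with the on-the-wire reply/request size ratio. The function names, the 28-byte header constant and the loopback test responder are constructed for this example.

```python
import ipaddress
import socket
import threading

IP_UDP_OVERHEAD = 28  # assumption: IPv4 header (20) + UDP header (8), no options

def probe(host, port=19, payload=b"\n", timeout=1.0):
    """Send one datagram to a chargen port (RFC 864 assigns port 19).

    Returns (reply_bytes, factor) for a responder, or None on silence.
    factor is the on-the-wire reply size divided by the request size.
    """
    if not ipaddress.ip_address(host).is_private:
        raise ValueError(f"{host}: not an internal address, refusing to probe")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(payload, (host, port))
            reply, _ = s.recvfrom(65535)
        except OSError:  # timeout or ICMP unreachable: nothing answered
            return None
    factor = (len(reply) + IP_UDP_OVERHEAD) / (len(payload) + IP_UDP_OVERHEAD)
    return len(reply), round(factor, 1)

def audit(targets, **kw):
    """Probe (host, port) pairs; return responders, largest factor first."""
    hits = []
    for host, port in targets:
        result = probe(host, port, **kw)
        if result is not None:
            hits.append({"host": host, "port": port,
                         "reply_bytes": result[0], "factor": result[1]})
    return sorted(hits, key=lambda h: h["factor"], reverse=True)

def start_test_responder(reply_len=512):
    """Constructed stand-in for a chargen service, bound to loopback only."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))
    port = srv.getsockname()[1]
    def serve():
        _, peer = srv.recvfrom(2048)       # answer exactly one probe
        srv.sendto(b"A" * reply_len, peer)
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return port

if __name__ == "__main__":
    # Demo against the loopback responder; replace with your own host list.
    print(audit([("127.0.0.1", start_test_responder())], timeout=0.5))
```

Each entry in the result is a host whose owner should be contacted; the factor column shows which ones to prioritize.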