These days, most of ddos attack use udp port 80.8080.0 in our country
and our network.
Sometimes the traffic volume is up to 100gbps higher.
So, we are considering to rate(bps) control about udp port 8,8080,0 in
our ISP network.
Although such a ports arp not be used commonly...
I'm wondering about whether any of problems happen after do that.
Is there anyone who have experiences controlling udp port 8,8080,0 ?
rate-limiting or block!
What does application use 8.8080,0 port for the proper purpose?
Not a good idea to use rate-limiting to deal with DDoS attacks - the programmatically-generated bad traffic ends up crowding out legitimate traffic.
All kinds of online games (many very popular in the RoK) make use of various UDP high ports; one never knows what applications users are running, so simply blocking ports isn't generally a good idea.
S/RTBH and/or an IDMS are a couple of different ways to mitigate DDoS attacks.
If you don't need UDP, disallow it to your entire network or to the
/xx where such is applicable. We have basic filters like this with our
carriers upstream and have prevented several Gbps of traffic from ever
hitting our filters as a result.
If you don't need UDP, disallow it to your entire network or to the
/xx where such is applicable. We have basic filters like this with our
carriers upstream and have prevented several Gbps of traffic from ever
hitting our filters as a result.
Jeff
While this may be suitable in small networks, this type of heavy handed control will simply cause you more problems in the long run. There are just too many applications that use UDP to restrict it to exceptions. UDP isn't the problem, it's just a method of the attack.