on recent days I've seen an UDP attack a couple of times. The attack is fairly simple, a full
load of UDP packets filled with "X". The attacks comes from various sites from the other side
of the pond (46.165.197.xx, 213.152.180.yy).
Has anyone seen this kind of attack? Basically, the attack aims to fill your pipe (150Mbps
over an STM1... guess what...) Then the question goes like this: besides asking your
upstream provider to block, drop or whatever on the offending traffic, and Kontaktieren Sie
den Administrator, what else can be done?
Thanks in advance for any help you can provide.
Please contact me off list. I'll post a recap on due time.
There are a lot of different attack types that one might see as an ISP/SP of services. 10 years+ ago it would be an ICMP flood. Some of us took to rate-limiting the icmp echo/echo-reply traffic to 2Mb/s on links to mitigate the flood.
UDP can be a powerful tool in the hands of a compromised server. I recall in 96 putting 100M of udp through a 10m firewall/nat midpoint. Had to drive to the office to kill the process.
Without knowing the nature of the pattern you are seeing, it is very hard to advise anything other than to contact your ISP for filtering. Traffic against udp/0 (fragments) would be handled different than others (eg: udp/80). I've seen many people just add udp/80 to their standard filters since I'm unaware of any UDP HTTP implementations.
You can try to determine why you were attacked, but that too can be as simple as a "script kiddie" on IRC to an attack with far more malicious motive and implications.
The attacks comes from various sites from the other side of the pond
(46.165.197.xx, 213.152.180.yy).
How can you be sure? With UDP, you have zero guarantee on the source
IP address. (Checking the TTL can give you a hint if the packets
really come from the same point.)
Many. Although in fairness, some people use "guys" in a gender-neutral manner.
The attacks comes from various sites from the other side of the pond
(46.165.197.xx, 213.152.180.yy).
How can you be sure? With UDP, you have zero guarantee on the source
IP address. (Checking the TTL can give you a hint if the packets
really come from the same point.)
I do not know of any name servers that reply to queries with UDP packets filled with only the letter X. The DNS Headers alone require more than the letter "X".
Many. Although in fairness, some people use "guys" in a gender-neutral manner.
some people use it in a globally-neutral manner.
"those guys over there" pointing at a rack full of servers.
Guys seem to think that it's gender neutral. The majority of women are used to this, but they have indicated to me that they don't believe it to be very neutral. Using "guys" is not gender neutral, it's flat out implying the other gender doesn't matter. *
Given the lack of truly neutral terms in english, I have taken to alternative my pronouns interchangably when I write.
"Those guys are chewing on that, but these gals are doing the vector calculations." (pointing at different racks of gear)
Or when actually referring to persons of mixed gender, here's a quote from something I posted in a private forum (my own journal) which is safe for export:
Because frankly, we're all in this together and honestly everyone loves the competition. The guys I race with often come find me afterwards and tell me where they got past me, or ask me how I kept passing them. The really fast girls rarely want more than a beer to go out on the track and give you a detailed breakdown on what you are doing wrong. We all help each other.
In this situation I'm leaving it up the reader to grasp that I'm not saying that the girls are all faster than the boys, but I believe it's understood in context as the topic was about how peers help each other out.
I really wish that english had better pronouns for this.
* As evidence of the nasty side effects of this, the bible was translated from a language which understands gender neutral terms to english, and was in translating reduced it to "man". Which is now used by only-english-speaking preachers to justify the "proper placement" of women in society.
If for no other reason than that the use of a single gender pronoun confuses less intelligent types to assume that women aren't important in technology (and god knows this completely baseless assumption is widely held) do your part to mix it up!
I do not know of any name servers that reply to queries with UDP
packets filled with only the letter X. The DNS Headers alone
require more than the letter "X".
Yes, you're right but I'm not sure we should take the original report
too litterally. May be he meant there were a lot of X in the packets
(and he missed the headers), which is consistent with DNS "large TXT"
attacks such as the one described in
<Microsoft Learn: Build skills that open doors in your career; (where the
attacker filled with consecutive numbers, not X).
Anyway, without the actual pcap file, it is only speculation.
Or when actually referring to persons of mixed gender, here's a quote from something I posted in a private forum (my own journal) which is safe for export:
Because frankly, we're all in this together and honestly everyone loves the competition. The guys I race with often come find me afterwards and tell me where they got past me, or ask me how I kept passing them. The really fast girls rarely want more than a beer to go out on the track and give you a detailed breakdown on what you are doing wrong. We all help each other.
In this situation I'm leaving it up the reader to grasp that I'm not saying that the girls are all faster than the boys, but I believe it's understood in context as the topic was about how peers help each other out.
It's NOT helping to equivocate "guys" and "girls"!
Guys and gals = equivalent
Boys and girls = equivalent
Guys and girls != equivalent
All the TV shows that refer to female contestants as "girls" are not helping when they (universally) refer to the males as "guys". Unless you refer to the male contestants (on TV) or team members (at work) as "boys" you shouldn't be using the word "girls" to refer to the females.
I really wish that english had better pronouns for this.
I really wish folks would dig a bit deeper into the thesaurus to find appropriate words. One can use a variety of gender neutral words with some simple re-writing. Remember, it's perfectly OK to employ singular "they" as well.
Maybe one of the folks here there aren't laywers but likes to give legal advice, that covers the use of male language to be for shortness in responses and no way indicate gender bias so we can all get back to talking about network
I really wish people would get over themselves and get to work. Work is a place where things get done, not where people piss and moan about every single perceived slight they can come up with.
Kevin Carmical
Network Support
UCA
BBA 107
501-450-3107>>> <deleskie@gmail.com> 9/27/2012 1:52 PM >>>
Maybe one of the folks here there aren't laywers but likes to give legal advice, that covers the use of male language to be for shortness in responses and no way indicate gender bias so we can all get back to talking about network
Also, btw, I disagree with that earlier comment about gender usage in
the Bible, as least in regards to the New Testament. The Greek language
of that time period is the most specific/nuanced/sophisticated language
in the history of the world.... far more specific/nuanced/sophisticated
than modern day European languages.
I find that "folks" is an excellent replacement that drops in most
places I'm tempted to use "guys."
On the other hand, using "they" as a replacement for "he" or "she"
makes a sentence hard to parse. See that individual over there?
They're fixing it. Ick!
