Educause Security Discussion mailing list archives

Re: Blubster Traffic

From: Peter Charbonneau <Peter.Charbonneau () WILLIAMS EDU>
Date: Sun, 7 Sep 2003 11:59:32 -0400

Depending on how your network is set up, you could implement policy
routing in your core routers to send this INTERNAL traffic to the bit
bucket.

If you have Cisco in the core, you could generate an access-list like:

Extended IP access list 199
    permit udp any any port 41170

Then add a policy route statement:

route-map Blubster permit 30
 match ip address 199
 set interface Null0
!
route-map Blubster permit 40

Then add the Policy-Route to the interface(s) you want to drop it on.
(Could be VLANs, could be standard routed interfaces):

interface Vlan208
 ip address some.thing.at.williams mask.for.sub.net
 ip helper-address dhcp.server.at.williams
 no ip redirects
 no ip unreachables
 ip policy route-map Blubster


PeteC

*************************************************************************
Peter Charbonneau                       Williams College
Sr. Network and Systems Administrator   Office for Information Technology
Jesup Hall Room 112                     22 Lab Campus Drive
(413) 597-3408 (Phone)                  Williamstown, MA 01267
(413) 597-4103 (Fax)                    Peter.Charbonneau () williams edu
*************************************************************************

-----Original Message-----
From: The EDUCAUSE Security Discussion Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU]On Behalf Of Piscitello, Frank
Sent: Saturday, September 06, 2003 9:00 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Blubster Traffic


So, our network is getting flooded with Blubster traffic.  It seems that
whenever a user does a search through Blubster, it connects via
UDP/41170 and scans local IPs and also hits 255.255.255.255.  The 255
traffic is killling the network.  Our Packeteer seems to be blocking
some of it, but not completely.

Any ideas?

------------------------------------------------------------------
Frank J. Piscitello, Jr.
Information Security Manager
Office of Information Security
Networking & Telecommunications
West Chester University of PA
West Chester, PA 19383

**********
Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at http://www.educause.edu/cg/.

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.

Current thread:

Blubster Traffic Piscitello, Frank (Sep 06)
- <Possible follow-ups>
- Re: Blubster Traffic Peter Charbonneau (Sep 07)
- Re: Blubster Traffic Ariel Silverstone (Sep 08)