Educause Security Discussion mailing list archives
Re: QUIC application
From: John Kristoff <jtk () DEPAUL EDU>
Date: Wed, 4 Sep 2019 13:33:39 -0500
On Wed, 4 Sep 2019 16:09:39 +0000 "Irigoyen, Alex" <000000fdd1153508-dmarc-request () LISTSERV EDUCAUSE EDU> wrote:
As students settle in and we look at our increased traffic, we notice that QUIC is listed within the top applications used on the network. Curious if anyone is blocking QUIC to force Chrome to fail-back to TLS/SSL for better application visibility and control?
Do you care about those that do not block it? It is practically all Google traffic. We do not arbitrary block that or other new magic bit combinations unless they pose a threat we cannot mitigate any other way. However, on a related note. Someone decided in my years-long hiatus to apply some edge LAN protections on the Internet border. This was instantiated as a global UDP rate limit on Internet border routers. However put that there is probably long go and did it for probably good intentions, but reasoning unknown and probably faulty. At some point our traffic levels to Google and some gaming networks starting hitting that threshold. Took a little bit of detective work to figure out what was happening until we "fixed" that rate limit. ObHistory for those that might not have experienced it, UDP/80 was often associated with DoS attacks. Usually from simple Perl script that could have fit into one line, often found on Solaris boxes running as an unprivileged user. Old timers probably remember seeing ./udp.pl processes on compromised boxes in a tmp directory. John ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- QUIC application Irigoyen, Alex (Sep 04)
- <Possible follow-ups>
- Re: QUIC application John Kristoff (Sep 04)