nanog mailing list archives
Re: SNMP DDoS: the vulnerability you might not know you have
From: Jimmy Hess <mysidia () gmail com>
Date: Wed, 31 Jul 2013 18:42:07 -0500
On 7/31/13, Blake Dunlap <ikiris () gmail com> wrote:
I bet blocking all SYN packets and non related flow UDP packets to customers would be even more effective. Why don't we do that and be done with it instead of playing whack a mole every 3 months when someone finds some new service that was poorly designed so that it can be used to send a flood?
Because it breaks applications that people are paying to be able to use. The way I see it; more and more samples keep getting found about protocols abused because networks have not implemented BCP38. The latest SNMP trend is just another uptick to the sample size, and proof that Closing off perfectly OK recursive DNS services is totally inadequate and not a useful long-term fix to the problem of DDoS or IP/UDP reflection attacks. Asking folks to improve the security of access to their SNMP instances is just chasing the latest exploit implementation, with no attention to the vulnerability or the root cause.... -- -JH
Current thread:
- SNMP DDoS: the vulnerability you might not know you have bottiger (Jul 31)
- Re: SNMP DDoS: the vulnerability you might not know you have Blake Dunlap (Jul 31)
- Re: SNMP DDoS: the vulnerability you might not know you have Thomas St-Pierre (Jul 31)
- Re: SNMP DDoS: the vulnerability you might not know you have Blake Dunlap (Jul 31)
- RE: SNMP DDoS: the vulnerability you might not know you have James Braunegg (Jul 31)
- Re: SNMP DDoS: the vulnerability you might not know you have bottiger (Jul 31)
- Re: SNMP DDoS: the vulnerability you might not know you have Warren Bailey (Jul 31)
- Re: SNMP DDoS: the vulnerability you might not know you have Dobbins, Roland (Jul 31)
- Re: SNMP DDoS: the vulnerability you might not know you have Blake Dunlap (Jul 31)
- Re: SNMP DDoS: the vulnerability you might not know you have bottiger (Jul 31)
- Re: SNMP DDoS: the vulnerability you might not know you have Jimmy Hess (Jul 31)
- Message not available
- Re: SNMP DDoS: the vulnerability you might not know you have Larry Sheldon (Jul 31)
- Re: SNMP DDoS: the vulnerability you might not know you have Ricky Beam (Jul 31)
- Re: SNMP DDoS: the vulnerability you might not know you have Thomas St-Pierre (Jul 31)
- Re: SNMP DDoS: the vulnerability you might not know you have Blake Dunlap (Jul 31)
- Re: SNMP DDoS: the vulnerability you might not know you have Enno Rey (Jul 31)
- Re: SNMP DDoS: the vulnerability you might not know you have Warren Bailey (Jul 31)