nanog mailing list archives
Re: chargen is the new DDoS tool?
From: Vlad Grigorescu <vladg () cmu edu>
Date: Tue, 11 Jun 2013 15:58:57 +0000
We got hit with this in September. UDP/19 became our most busiest port overnight. Most of the systems participating were printers. We dropped it at the border, and had no complaints or ill effects. —-Vlad Grigorescu Carnegie Mellon University On Jun 11, 2013, at 11:39 AM, Bernhard Schmidt <berni () birkenwald de> wrote:
Heya everyone, we have been getting reports lately about unsecured UDP chargen servers in our network being abused for reflection attacks with spoofed sources http://en.wikipedia.org/wiki/Character_Generator_Protocol | In the UDP implementation of the protocol, the server sends a UDP | datagram containing a random number (between 0 and 512) of characters | every time it receives a datagram from the connecting host. Any data | received by the server is discarded. We are seeing up to 1500 bytes of response though. This seems to be something new. There aren't a lot of systems in our network responding to chargen, but those that do have a 15x amplification factor and generate more traffic than we have seen with abused open resolvers. Anyone else seeing that? Anyone who can think of a legitimate use of chargen/udp these days? Fortunately I can't, so we're going to drop 19/udp at the border within the next hours. Regards, Bernhard
Current thread:
- Re: chargen is the new DDoS tool?, (continued)
- Re: chargen is the new DDoS tool? shawn wilson (Jun 12)
- Re: chargen is the new DDoS tool? Jimmy Hess (Jun 12)
- Re: chargen is the new DDoS tool? shawn wilson (Jun 12)
- Re: chargen is the new DDoS tool? Aaron Glenn (Jun 12)
- Re: chargen is the new DDoS tool? shawn wilson (Jun 12)
- Re: chargen is the new DDoS tool? Rich Kulawiec (Jun 12)
- Re: chargen is the new DDoS tool? Jimmy Hess (Jun 11)
- Re: chargen is the new DDoS tool? Ricky Beam (Jun 11)
- Re: chargen is the new DDoS tool? shawn wilson (Jun 12)
- Re: chargen is the new DDoS tool? John Kristoff (Jun 12)
- Re: chargen is the new DDoS tool? Justin M. Streiner (Jun 11)
- Re: chargen is the new DDoS tool? Jimmy Hess (Jun 11)
- RE: chargen is the new DDoS tool? David Edelman (Jun 11)
- Re: chargen is the new DDoS tool? Valdis . Kletnieks (Jun 11)
- Re: chargen is the new DDoS tool? Dobbins, Roland (Jun 11)
- Re: chargen is the new DDoS tool? Jimmy Hess (Jun 12)