nanog mailing list archives
Re: chargen is the new DDoS tool?
From: Damian Menscher <damian () google com>
Date: Tue, 11 Jun 2013 23:26:02 -0700
On Tue, Jun 11, 2013 at 8:39 AM, Bernhard Schmidt <berni () birkenwald de>wrote:
we have been getting reports lately about unsecured UDP chargen servers in our network being abused for reflection attacks with spoofed sources Anyone else seeing that? Anyone who can think of a legitimate use of chargen/udp these days? Fortunately I can't, so we're going to drop 19/udp at the border within the next hours.
FWIW, last August we noticed 2.5Gbps of chargen being reflected off ~160 IPs (with large responses in violation of the RFC). As I recall, some quick investigation indicated it was mostly printers. I notified several of the worst offenders (rated by bandwidth). While I think it's silly to be exposing chargen to the world (especially as a default service in a printer!), the real problem here is networks that allow spoofed traffic onto the public internet. In the rare cases we see spoofed traffic I put special effort into tracing them to their source, and then following up to educate those providers about egress filtering. I'd appreciate it if others did the same. Damian
Current thread:
- Re: chargen is the new DDoS tool?, (continued)
- Re: chargen is the new DDoS tool? shawn wilson (Jun 12)
- Re: chargen is the new DDoS tool? John Kristoff (Jun 12)
- Re: chargen is the new DDoS tool? Vlad Grigorescu (Jun 11)
- Re: chargen is the new DDoS tool? Justin M. Streiner (Jun 11)
- Re: chargen is the new DDoS tool? Jimmy Hess (Jun 11)
- Re: chargen is the new DDoS tool? Justin M. Streiner (Jun 11)
- Re: chargen is the new DDoS tool? Charles Wyble (Jun 11)
- Re: chargen is the new DDoS tool? Leo Bicknell (Jun 11)
- RE: chargen is the new DDoS tool? David Edelman (Jun 11)
- Re: chargen is the new DDoS tool? Valdis . Kletnieks (Jun 11)
- Re: chargen is the new DDoS tool? Dobbins, Roland (Jun 11)
- RE: chargen is the new DDoS tool? David Edelman (Jun 11)
- Re: chargen is the new DDoS tool? Damian Menscher (Jun 11)
- Re: chargen is the new DDoS tool? Joel M Snyder (Jun 12)
- Re: chargen is the new DDoS tool? Jimmy Hess (Jun 12)
- Re: chargen is the new DDoS tool? Nick B (Jun 12)