nanog mailing list archives

Re: 20-30Gbps UDP 1720 traffic appearing to originate from CN in last 24 hours


From: "Roland Dobbins" <rdobbins () arbor net>
Date: Mon, 20 Jul 2015 20:49:54 +0200

On 20 Jul 2015, at 18:12, Drew Weaver wrote:

Ah, alright. I've seen the "general" amplification attacks SNMP/DNS/NTP/you name it, plenty, but this is the first one I've ever seen that targeted 1720/5060, and as it's mitigated in one place it keeps moving from dst to dst fairly rapidly until none of the dst IPs are available.

What source ports and breadth of purported source IPs? I'm not sure this is a reflection/amplification attack; it may be a straight packeting of H.323 systems.

-----------------------------------
Roland Dobbins <rdobbins () arbor net>

