nanog mailing list archives
Re: chargen is the new DDoS tool?
From: "Justin M. Streiner" <streiner () cluebyfour org>
Date: Tue, 11 Jun 2013 14:55:18 -0400 (EDT)
On Tue, 11 Jun 2013, Vlad Grigorescu wrote:
We got hit with this in September. UDP/19 became our most busiest port overnight. Most of the systems participating were printers. We dropped it at the border, and had no complaints or ill effects.
Dropping the TCP and UDP "small services" like echo (not ICMP echo), chargen and discard as part of default firewall / filter policies probably isn't a bad idea. Those services used to be enabled by default on Cisco routers, but that hasn't been since probably around 11.3 (mid-late 90s).
Other than providing another DDoS vector, I'm not aware of any legitimate reason to keep these services running and accessible. As always, YMMV.
jms
Current thread:
- Re: chargen is the new DDoS tool?, (continued)
- Re: chargen is the new DDoS tool? Jimmy Hess (Jun 12)
- Re: chargen is the new DDoS tool? shawn wilson (Jun 12)
- Re: chargen is the new DDoS tool? Aaron Glenn (Jun 12)
- Re: chargen is the new DDoS tool? shawn wilson (Jun 12)
- Re: chargen is the new DDoS tool? Rich Kulawiec (Jun 12)
- Re: chargen is the new DDoS tool? Jimmy Hess (Jun 11)
- Re: chargen is the new DDoS tool? Ricky Beam (Jun 11)
- Re: chargen is the new DDoS tool? shawn wilson (Jun 12)
- Re: chargen is the new DDoS tool? John Kristoff (Jun 12)
- Re: chargen is the new DDoS tool? Justin M. Streiner (Jun 11)
- Re: chargen is the new DDoS tool? Jimmy Hess (Jun 11)
- RE: chargen is the new DDoS tool? David Edelman (Jun 11)
- Re: chargen is the new DDoS tool? Valdis . Kletnieks (Jun 11)
- Re: chargen is the new DDoS tool? Dobbins, Roland (Jun 11)
- Re: chargen is the new DDoS tool? Jimmy Hess (Jun 12)
- Re: chargen is the new DDoS tool? Nick B (Jun 12)