On Thu, Jun 4, 2015 at 8:03 AM, Dominik Bay <[email protected]> wrote:
> On 06/04/2015 04:00 PM, Yannis Nikolopoulos wrote:
> > On 06/04/2015 01:08 PM, [email protected] wrote:
> >>> From our side we have seen lots of IPv4 traffic from sources
> >>> originated from AS15169 (UDP port 443). We are using netflow to
> >>> identify the traffic.
> >
> > You're right,
> >
> > We can also see the relevant IPv4/IPv6 traffic via Netflow, as it enters
> > our network. It's just weird that we don't see logs for the denied
> > matched IPv4 packets further down the network, as we do for IPv6...
>
> Why are you blocking QUIC traffic anyway?
>
> -dominik
>
This is an IPv6 list, and there is no reason to block QUIC on IPv6. But, I definitely rate limit UDP IPv4 since the vast majority of UDP is DDoS traffic... I have suggested to the QUIC folks to use a new protocol number so they are not guilty by association with other UDP services... but they think broken CPE are a bigger problem. I think DDoS from UDP (NTP, DNS, SSDP, CHARGEN, SNMP ...) is a bigger problem.... I guess Google will just have to deal with QUIC not working on IPv4 in my network. Or they can use a new L4 protocol number and use the proven fallback strategy they already have with TCP to apply here as well...

CB
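The observation quoted above (QUIC flows visible in NetFlow at ingress, but no deny logs for IPv4 further down the network as there are for IPv6) is the kind of gap worth checking mechanically. The following is an added example, not code from the thread: it reconciles constructed flow records against constructed deny-log lines and reports UDP/443 flows per address family that never produced a deny entry. The record layout and the log-line format are assumptions, not any vendor's export format.

```python
import ipaddress
from collections import defaultdict

UDP = 17
QUIC_PORT = 443

# Constructed NetFlow-style records: (src, dst, proto, dport, packets).
FLOWS = [
    ("203.0.113.10", "198.51.100.5", UDP, 443, 120),    # IPv4 QUIC
    ("203.0.113.11", "198.51.100.6", UDP, 443, 80),     # IPv4 QUIC
    ("2001:db8:1::10", "2001:db8:2::5", UDP, 443, 95),  # IPv6 QUIC
    ("203.0.113.12", "198.51.100.7", 6, 443, 40),       # TCP/443, not QUIC
    ("203.0.113.13", "198.51.100.8", UDP, 53, 10),      # DNS, not QUIC
]

# Constructed deny-log lines from the downstream filter; the layout is an
# assumption, not a real vendor format. Only the IPv6 QUIC flow was logged.
DENY_LOG = [
    "deny udp 2001:db8:1::10 -> 2001:db8:2::5 dport 443",
    "deny udp 203.0.113.13 -> 198.51.100.8 dport 53",
]

def family(addr):
    """Return 'IPv4' or 'IPv6' for a textual address."""
    return "IPv%d" % ipaddress.ip_address(addr).version

def quic_flows(flows):
    """Group ingress UDP/443 flows by address family, keyed (src, dst)."""
    seen = defaultdict(set)
    for src, dst, proto, dport, _pkts in flows:
        if proto == UDP and dport == QUIC_PORT:
            seen[family(src)].add((src, dst))
    return seen

def denied_quic(log_lines):
    """Parse deny lines of the assumed form 'deny udp SRC -> DST dport N'."""
    denied = set()
    for line in log_lines:
        tok = line.split()
        if len(tok) == 7 and tok[1] == "udp" and tok[6] == str(QUIC_PORT):
            denied.add((tok[2], tok[4]))
    return denied

def unlogged_quic(flows, log_lines):
    """Per family, QUIC flows seen at ingress with no matching deny log."""
    denied = denied_quic(log_lines)
    return {fam: sorted(pairs - denied) for fam, pairs in quic_flows(flows).items()}

if __name__ == "__main__":
    for fam, missing in unlogged_quic(FLOWS, DENY_LOG).items():
        print(fam, "QUIC flows without a deny log:", len(missing))
```

A non-empty IPv4 list with an empty IPv6 list reproduces the asymmetry described in the thread and points at the IPv4 rule or its logging, not at the flow export.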
