On Feb 26, 2014, at 5:33 PM, valdis.kletni...@vt.edu wrote: > On Wed, 26 Feb 2014 11:44:55 -0600, Brandon Galbraith said: > >> Blocking chargen at the edge doesn't seem to be outside of the realm of >> possibilities. > > What systems are (a) still have chargen enabled and (b) common enough to make > it a viable DDoS vector? Just wondering if I need to go around and find > users of mine that need to be smacked around with a large trout....
First, if you didn't see this excellent paper, check it out: http://www.internetsociety.org/doc/amplification-hell-revisiting-network-protocols-ddos-abuse a) Yes - printers and other devices have it. b) yes. I only ran the scan once, but had ~130k devices respond. http://chargenscan.org/chargenip2asn.txt - Jared