Thanks John, and universities are their own ISP sort of so I see how you relate this.
But I am not sure that supports their original statement about ISPs limiting udp. I have discussed this with several large ISPs. So far I haven't heard anyone advocating rate limiting UDP as a protocol.

Now udp:123 udp:1900 yes, many of us are or will be rate limiting those. Things like udp:1900, a lan protocol, could in theory even be dropped. I know of no valid use of it over the Internet. RIPv1 same, it is deprecated.

However if they just said some networks may rate limit udp ... it would still cover the basic concept without making any false claims.

If our enterprise started seeing a lot of udp reflective attacks I would recommend this approach if we could limit it to a specific set of ports.

H8Hz
[email protected]

From: John Kristoff [[email protected]]
Sent: Wednesday, August 19, 2015 1:38 PM
To: Smith, Donald
Cc: George, Wes; Ca By; [email protected]; [email protected]
Subject: Re: [OPSEC] draft-byrne-opsec-udp-advisory

Hi Don,

On Wed, 19 Aug 2015 19:06:25 +0000
"Smith, Donald" <[email protected]> wrote:

> I am not aware of anyone rate-limiting UDP itself. Specific ports
> using UDP yes but not UDP as a protocol.

As a specific IP protocol, it happens and it has happened. And not just with UDP. If you're not on NANOG, I described what was done in a university environment I was at years ago:

<https://mailman.nanog.org/pipermail/nanog/2015-July/078010.html>

While perhaps not on transit networks, some networks have UDP dropped by their upstream(s) or at their own "border", primarily as a means to mitigate all the UDP-based amplified reflection traffic they might otherwise have to carry. It's not very elegant perhaps, but it does happen and seemingly the trade-off some find to be worth it.

John

_______________________________________________
OPSEC mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/opsec
