-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 13/02/2014 18:04, Robin Williams wrote:
It'd also be good to discuss merging data from these projects into
an upstream 'open-generalbadstuff-project'.
shadowserver are putting some source of open dns resolvers into their
reports and I'm sure
Keith Mitchell wrote:
But it's not just about NTP and DNS, pretty much any UDP-based service
that can do amplification is in play, e.g SNMP, Chargen and I've even
seen QOTD (UDP 19).
snip
Universal BCP38 source address validation is needed more badly then ever :-(
It really is. Glad to
On 14/02/2014 11:54, Giles Davis wrote:
Keith Mitchell wrote:
Universal BCP38 source address validation is needed more badly then ever :-(
It really is.
It really is, but bear in mind that a single 1GE connection with no urpf
can be used to create ~250-300G of backscatter traffic.
This
Nick Hilliard wrote:
It really is, but bear in mind that a single 1GE connection with no urpf
can be used to create ~250-300G of backscatter traffic.
This means that there's only a requirement to have a single unscrupulous or
incompetent ISP with GE in the world to allow a devastating DoS to
On 02/14/2014 06:54 AM, Giles Davis wrote:
Keith Mitchell wrote:
But it's not just about NTP and DNS, pretty much any UDP-based service
that can do amplification is in play, e.g SNMP, Chargen and I've even
seen QOTD (UDP 17).
Universal BCP38 source address validation is needed more badly
On 02/14/2014 09:02 AM, Giles Davis wrote:
Nick Hilliard wrote:
It really is, but bear in mind that a single 1GE connection with
no urpf can be used to create ~250-300G of backscatter traffic.
This means that there's only a requirement to have a single
unscrupulous or incompetent ISP with
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 12/02/2014 23:07, Robin Williams wrote:
Interesting timing - we've also been seeing a big increase in the
same over the last few weeks, mainly targeting schools from
automated ( cheap!) online 'booter' services (presumably
instigated by
On 13/02/14 17:14, Keith Mitchell wrote:
On 02/12/2014 06:37 PM, Wright, Matthew wrote:
List of open NTP servers from http://openntpproject.org/
Also http://www.openresolverproject.org
But it's not just about NTP and DNS, pretty much any UDP-based service
that can do amplification is in play,
To: Keith Mitchell
Cc: uknof@lists.uknof.org.uk
Subject: Re: [uknof] DNS/NTP censured, a solution !
On 13/02/14 17:14, Keith Mitchell wrote:
On 02/12/2014 06:37 PM, Wright, Matthew wrote:
List of open NTP servers from http://openntpproject.org/
Also http://www.openresolverproject.org
But it's
As I have been asked off-line quite a few times :
We wrote it to complement NFSEN. You can only search NFSEN once the data has
been fully analysed.
It mean that most of the time you have to wait a few minutes.
We were seeing 15 mns DDOS, at least twice a day. By the time we had identified
the
Hi Thomas,
Interesting timing - we've also been seeing a big increase in the same
over the last few weeks, mainly targeting schools from automated (
cheap!) online 'booter' services (presumably instigated by students who
have had enough of their IT lessons). We've also been forced to script
Hi Robin,
On 12 Feb 2014, at 23:07, Robin Williams robin.willi...@tnp.net.uk wrote:
Interesting timing - we've also been seeing a big increase in the same over
the last few weeks, mainly targeting schools from automated ( cheap!)
online 'booter' services (presumably instigated by students
12 matches
Mail list logo