26 Feb
2014
26 Feb
'14
5:40 p.m.
On Feb 26, 2014, at 5:33 PM, Valdis.Kletnieks@vt.edu wrote:
On Wed, 26 Feb 2014 11:44:55 -0600, Brandon Galbraith said:
Blocking chargen at the edge doesn't seem to be outside of the realm of possibilities.
What systems are (a) still have chargen enabled and (b) common enough to make it a viable DDoS vector? Just wondering if I need to go around and find users of mine that need to be smacked around with a large trout....
First, if you didn't see this excellent paper, check it out: http://www.internetsociety.org/doc/amplification-hell-revisiting-network-pro... a) Yes - printers and other devices have it. b) yes. I only ran the scan once, but had ~130k devices respond. http://chargenscan.org/chargenip2asn.txt - Jared