I’m sure this is just the extension of all the UDP amplification attacks that are ongoing. My experience is that 1720/CUCM should not be connected to a public network as those devices are often not well maintained or patched. If it’s of value I can look at adding this to the set of things that are enumerated as part of the general UDP amplification problems that we continue to face due to the lack of SAV. - Jared
On Jul 20, 2015, at 11:57 AM, Drew Weaver <drew.weaver@thenap.com> wrote:
Has anyone else seen a massive amount of illegitimate UDP 1720 traffic coming from China being sent towards IP addresses which provide VoIP services?
I'm talking in the 20-30Gbps range?
The first incident was yesterday at around 13:00 EST, the second incident was today at 09:00 EST.
I'm assuming this is just another DDoS like all others, but I would be interested to hear if I am not the only one seeing this.
On list or off-list is fine.
Thanks, -Drew