These days, most of ddos attack use udp port 80.8080.0 in our country and our network. Sometimes the traffic volume is up to 100gbps higher. So, we are considering to rate(bps) control about udp port 8,8080,0 in our ISP network. Although such a ports arp not be used commonly... I'm wondering about whether any of problems happen after do that. Is there anyone who have experiences controlling udp port 8,8080,0 ? rate-limiting or block! What does application use 8.8080,0 port for the proper purpose? [chk_receive.html?msgid=1265716670&uniqid=23455&sender=eversuede%40chol .com]
On Feb 9, 2010, at 6:57 PM, 최종훈 wrote:
Is there anyone who have experiences controlling udp port 8,8080,0 ? rate-limiting or block!
Not a good idea to use rate-limiting to deal with DDoS attacks - the programmatically-generated bad traffic ends up crowding out legitimate traffic. All kinds of online games (many very popular in the RoK) make use of various UDP high ports; one never knows what applications users are running, so simply blocking ports isn't generally a good idea. S/RTBH and/or an IDMS are a couple of different ways to mitigate DDoS attacks. See this presentation for some BCPs: <http://files.me.com/roland.dobbins/k54qkv> ----------------------------------------------------------------------- Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com> Injustice is relatively easy to bear; what stings is justice. -- H.L. Mencken
If you don't need UDP, disallow it to your entire network or to the /xx where such is applicable. We have basic filters like this with our carriers upstream and have prevented several Gbps of traffic from ever hitting our filters as a result. Jeff 2010/2/9 Michael Holstein <michael.holstein@csuohio.edu>:
What does application use 8.8080,0 port for the proper purpose?
I've seen newer BitTorrent clients do this (UDP is supported, and the port can be arbitrary).
Cheers,
Michael Holstein Cleveland State University
-- Jeffrey Lyon, Leadership Team jeffrey.lyon@blacklotus.net | http://www.blacklotus.net Black Lotus Communications of The IRC Company, Inc. Follow us on Twitter at http://twitter.com/ddosprotection to find out about news, promotions, and (gasp!) system outages which are updated in real time. Platinum sponsor of HostingCon 2010. Come to Austin, TX on July 19 - 21 to find out how to "protect your booty."
On 10/02/2010, at 5:01 AM, Jeffrey Lyon wrote:
If you don't need UDP, disallow it to your entire network or to the /xx where such is applicable. We have basic filters like this with our carriers upstream and have prevented several Gbps of traffic from ever hitting our filters as a result.
Jeff
While this may be suitable in small networks, this type of heavy handed control will simply cause you more problems in the long run. There are just too many applications that use UDP to restrict it to exceptions. UDP isn't the problem, it's just a method of the attack. Truman
2010/2/9 Michael Holstein <michael.holstein@csuohio.edu>:
What does application use 8.8080,0 port for the proper purpose?
I've seen newer BitTorrent clients do this (UDP is supported, and the port can be arbitrary).
Cheers,
Michael Holstein Cleveland State University
-- Jeffrey Lyon, Leadership Team jeffrey.lyon@blacklotus.net | http://www.blacklotus.net Black Lotus Communications of The IRC Company, Inc.
Follow us on Twitter at http://twitter.com/ddosprotection to find out about news, promotions, and (gasp!) system outages which are updated in real time.
Platinum sponsor of HostingCon 2010. Come to Austin, TX on July 19 - 21 to find out how to "protect your booty."
participants (5)
-
Dobbins, Roland -
Jeffrey Lyon -
Michael Holstein -
Truman Boyes -
최종훈