[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Tier1 ISP] : Vulnerable to a new DDoS amplification attack

Subject: [Tier1 ISP] : Vulnerable to a new DDoS amplification attack
From: rdobbins at arbor.net (Roland Dobbins)
Date: Fri, 23 Dec 2016 00:04:03 +0700
In-reply-to: <CA[email protected]>
References: <[email protected]> <CALoKGd2qr-[email protected]> <[email protected]> <[email protected]> <CA[email protected]> <[email protected]> <CAL9Qcx5qAS[email protected]> <[email protected]> <CA[email protected]> <CA[email protected]>

On 22 Dec 2016, at 23:56, Tom Beecher wrote:

> What he did was send 1500 byte ICMP packets with a max TTL at an IP 
> address that is not reachable due to a routing loop.

Same here.  Here's some context I sent him:

<https://www.usenix.org/legacy/events/imc05/tech/full_papers/xia/xia_html/imc05-paper-128-final.html>

<http://nanog.org/meetings/nanog36/presentations/xia.pdf>

<https://youtu.be/cWF4p5EuvQk>

Note related discussion of mitigation tactics here (e.g., TTL-based 
filtering via tACLs):

<http://www.cisco.com/c/en/us/about/security-center/ttl-expiry-attack.html>

-----------------------------------
Roland Dobbins <rdobbins at arbor.net>

References:
- [Tier1 ISP]: Vulnerable to a new DDoS amplification attack
  - From: jean at ddostest.me (Jean | ddostest.me)
- [Tier1 ISP]: Vulnerable to a new DDoS amplification attack
  - From: la at qrator.net (Alexander Lyamin)
- [Tier1 ISP]: Vulnerable to a new DDoS amplification attack
  - From: j.j.santanna at utwente.nl (j.j.santanna at utwente.nl)
- [Tier1 ISP]: Vulnerable to a new DDoS amplification attack
  - From: jean at ddostest.me (Jean | ddostest.me)
- [Tier1 ISP]: Vulnerable to a new DDoS amplification attack
  - From: beecher at beecher.cc (Tom Beecher)
- [Tier1 ISP]: Vulnerable to a new DDoS amplification attack
  - From: jean at ddostest.me (Jean | ddostest.me)
- [Tier1 ISP]: Vulnerable to a new DDoS amplification attack
  - From: beecher at beecher.cc (Tom Beecher)
- [Tier1 ISP]: Vulnerable to a new DDoS amplification attack
  - From: math at sizone.org (Ken Chase)
- [Tier1 ISP]: Vulnerable to a new DDoS amplification attack
  - From: bill at herrin.us (William Herrin)
- [Tier1 ISP]: Vulnerable to a new DDoS amplification attack
  - From: beecher at beecher.cc (Tom Beecher)

Prev by Date: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack
Next by Date: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack
Previous by thread: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack
Next by thread: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack
Index(es):
- Date
- Thread