Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: NANOG: users

about udp 80,8080,0

  

 
NANOG users RSS feed   Index | Next | Previous | View Threaded


eversuede at chol

Feb 9, 2010, 3:57 AM

Post #1 of 5 (496 views)
Permalink
about udp 80,8080,0
These days, most of ddos attack use udp port 80.8080.0 in our country
and our network.
Sometimes the traffic volume is up to 100gbps higher.
So, we are considering to rate(bps) control about udp port 8,8080,0 in
our ISP network.
Although such a ports arp not be used commonly...
I'm wondering about whether any of problems happen after do that.
Is there anyone who have experiences controlling udp port 8,8080,0 ?
rate-limiting or block!
What does application use 8.8080,0 port for the proper purpose?

[chk_receive.html?msgid=1265716670&uniqid=23455&sender=eversuede%40chol
.com]


rdobbins at arbor

Feb 9, 2010, 4:16 AM

Post #2 of 5 (470 views)
Permalink
Re: about udp 80,8080,0 [In reply to]
On Feb 9, 2010, at 6:57 PM, 최종훈 wrote:

> Is there anyone who have experiences controlling udp port 8,8080,0 ? rate-limiting or block!

Not a good idea to use rate-limiting to deal with DDoS attacks - the programmatically-generated bad traffic ends up crowding out legitimate traffic.

All kinds of online games (many very popular in the RoK) make use of various UDP high ports; one never knows what applications users are running, so simply blocking ports isn't generally a good idea.

S/RTBH and/or an IDMS are a couple of different ways to mitigate DDoS attacks.

See this presentation for some BCPs:

<http://files.me.com/roland.dobbins/k54qkv>

-----------------------------------------------------------------------
Roland Dobbins <rdobbins [at] arbor> // <http://www.arbornetworks.com>

Injustice is relatively easy to bear; what stings is justice.

-- H.L. Mencken


michael.holstein at csuohio

Feb 9, 2010, 9:02 AM

Post #3 of 5 (466 views)
Permalink
Re: about udp 80,8080,0 [In reply to]
> What does application use 8.8080,0 port for the proper purpose?
>
>

I've seen newer BitTorrent clients do this (UDP is supported, and the
port can be arbitrary).


Cheers,

Michael Holstein
Cleveland State University


jeffrey.lyon at blacklotus

Feb 9, 2010, 10:01 AM

Post #4 of 5 (470 views)
Permalink
Re: about udp 80,8080,0 [In reply to]
If you don't need UDP, disallow it to your entire network or to the
/xx where such is applicable. We have basic filters like this with our
carriers upstream and have prevented several Gbps of traffic from ever
hitting our filters as a result.

Jeff


2010/2/9 Michael Holstein <michael.holstein [at] csuohio>:
>
>>    What does application use 8.8080,0 port for the proper purpose?
>>
>>
>
> I've seen newer BitTorrent clients do this (UDP is supported, and the
> port can be arbitrary).
>
>
> Cheers,
>
> Michael Holstein
> Cleveland State University
>
>



--
Jeffrey Lyon, Leadership Team
jeffrey.lyon [at] blacklotus | http://www.blacklotus.net
Black Lotus Communications of The IRC Company, Inc.

Follow us on Twitter at http://twitter.com/ddosprotection to find out
about news, promotions, and (gasp!) system outages which are updated
in real time.

Platinum sponsor of HostingCon 2010. Come to Austin, TX on July 19 -
21 to find out how to "protect your booty."


truman at suspicious

Feb 10, 2010, 3:45 AM

Post #5 of 5 (449 views)
Permalink
Re: about udp 80,8080,0 [In reply to]
On 10/02/2010, at 5:01 AM, Jeffrey Lyon wrote:

> If you don't need UDP, disallow it to your entire network or to the
> /xx where such is applicable. We have basic filters like this with our
> carriers upstream and have prevented several Gbps of traffic from ever
> hitting our filters as a result.
>
> Jeff

While this may be suitable in small networks, this type of heavy handed control will simply cause you more problems in the long run. There are just too many applications that use UDP to restrict it to exceptions. UDP isn't the problem, it's just a method of the attack.

Truman


>
> 2010/2/9 Michael Holstein <michael.holstein [at] csuohio>:
>>
>>> What does application use 8.8080,0 port for the proper purpose?
>>>
>>>
>>
>> I've seen newer BitTorrent clients do this (UDP is supported, and the
>> port can be arbitrary).
>>
>>
>> Cheers,
>>
>> Michael Holstein
>> Cleveland State University
>>
>>
>
>
>
> --
> Jeffrey Lyon, Leadership Team
> jeffrey.lyon [at] blacklotus | http://www.blacklotus.net
> Black Lotus Communications of The IRC Company, Inc.
>
> Follow us on Twitter at http://twitter.com/ddosprotection to find out
> about news, promotions, and (gasp!) system outages which are updated
> in real time.
>
> Platinum sponsor of HostingCon 2010. Come to Austin, TX on July 19 -
> 21 to find out how to "protect your booty."
>

NANOG users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.