[nsp-sec] 6700 Chargen Reflectors

Stéphane Dodeller dodeller at ip-plus.net
Wed Jun 26 11:06:49 EDT 2013


Hi Krista,

Ack and thanks for 3303.

Best regards

Stéphane Dodeller
AS3303
Swisscom/IP-Plus Engineering

On 26 June 2013 at 15:25, Krista Hickey <Krista.Hickey at cogeco.com> wrote:

> ----------- nsp-security Confidential --------
> 
> Blast from the past...well not really as this is fairly prevalent but this 5Gbps gaming related attack early this morning caught my attention and then noticed it's using good ole Chargen reflectors. Fairly certain few of you have legitimate reason to have hosts responding to chargen on your network so attached is some fodder for internal discussion. They also have statically set the destination port so you should also be able to look for flows/logs to my target on destination port 2070/udp.
> 
> As before, share as required for mitigation, no attribution, strip the target unless necessary and if you need the /32 just contact me offlist.
> 
> Krista
> 7992
> <652808>
> 
