[nsp-sec] SSDP src port 1900 dst port 80 DDoS

Krista Hickey Krista.Hickey at cogeco.com
Thu Sep 25 12:03:02 EDT 2014


Yes we here in Canadaland are also seeing SSDP based amp attacks. Had a couple end of July/beginning of August then quieted down but since beginning of Sept (aka: back-to-school season) they've been pretty steady in frequency and similar to D'Wayne we're seeing 1-20Gbps volumes. Destination ports vary but including those mentioned, 7/udp (echo) is also a frequent target.

I've spoken with other Canadian providers and they're seeing similar dates, volumes and ports so seems the booters have incorporated SSDP into their tools. Next up...QOTD?!

Krista
AS7992




-----Original Message-----
From: nsp-security [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of Saunders, D'Wayne S
Sent: Wednesday, September 24, 2014 9:01 PM
To: Schiel, John; nsp-security at puck.nether.net
Subject: Re: [nsp-sec] SSDP src port 1900 dst port 80 DDoS

----------- nsp-security Confidential --------

John,
Seen similar over here in OZ. Not handy to a PC that I can grab the sources from, but we have seen anywhere from 1Gbps to 19Gbps with this vector, as well as DST port 8080.

D'Wayne Saunders
Security Technologies  |  Security Operations  |  TSO

P  +61 3 86475889  |  M  +61 412 832 322 |  E dwayne.saunders at team.telstra.com


On 25/09/2014 10:56 am, "Schiel, John" <John.Schiel at twtelecom.com> wrote:

>----------- nsp-security Confidential --------
>



