[nsp-sec] [EXTERNAL] Re: 9001: New UDP amplification port?

Compton, Rich A Rich.Compton at charter.com
Thu Jul 15 11:27:01 EDT 2021


What's the TLP level for this info?  Can we share this in other trust groups related to DDoS?  I have started seeing spikes in UDP port 9001 today that could be DDoS amp traffic.

On 7/15/21, 12:21 AM, "nsp-security on behalf of Borja Marcos" <nsp-security-bounces at puck.nether.net on behalf of borjamar at sarenet.es> wrote:

    ----------- nsp-security Confidential --------



    > On 14 Jul 2021, at 17:02, JASON CHAMBERS <jchambers at ucla.edu> wrote:
    > 
    > We saw some activity from 80.82.76.6 in June 2021, a 45 minute scan of 253k
    > IPs.
    > 
    > July 2021 shows a flurry of activity, presumed to be community research.

    Ruckus have confirmed that it is a flaw in their SmartZone controller, exploitable when it is
    not behind a firewall.

    They are testing the fixes and they will release them soon.

    That would explain the limited number of ASs involved and I guess we will see very few of these,
    if any. As far as I know they contacted the ISPs.


    Thank you!




    Borja.



