11. Bottom line
Road notes:
1. 1.6B packets per one packet of a 1st stage – WOW!
2. SSDP is the king of a day.
Hypothesis:
We’re all not dead (yet) because SSDP amplifiers situated
at periphery of the network.
Its not about how much packets you can generate with
2nd stage – its about how many will reach the target.
My name is Alexander Lyamin, Qrator Labs
2 quick questions
Who being hit by amplification attack last year ?
Who observed amplifications originating from their own network ?
(that’s where the problem comes from – lack of obserations)
poor design (amplifiable)
Lack of ability to establish client authenticity inherent by UDP
So we decided to take a closer look whats up with all this trash flying around the network
It used to be much worset a year ago, we’re (as community) doing a good job fixing our DNS servers.
Also much of an improvement, but still thousands of servers which will amplify by 1300 times
It’s a chargen… what would you expect.
I have no slightest idea what this 3 peaks mean.
Third of a million amplifiers with multiplier of 78, but 50 isn’t tpo shaky
Intersting snapshot, but whats the big picture and is there are changes?
2 road notes
1.6 BILLION packets per one packet of a 1st stage – (even if purely theoretically) just WOW
SSDP is a king
1 hyphotesis
We’re not dead (yet) because SSDP amplifiers situated at periphery of the network
Its not about how much packets you can generate with 2nd stage – its about how many will reach the target.
Catch me up in hallway or email me to find out hows your ASN fares from our viewpoint.
Lets stay vigilant and keep our networks clean.