US-CERT: TA14-017A: UDP-based Amplification Attacks (rev. 09 Feb 2014)
The notice may be read in its entirety at https://www.us-cert.gov/ncas/alerts/TA14-017A.
Original release date: January 17, 2014 | Last revised: February 09, 2014.

Certain UDP protocols have been identified as potential attack vectors: DNS, NTP, SNMPv2, NetBIOS, SSDP, CharGEN, QOTD, BitTorrent, Kad, Quake Network Protocol, Steam Protocol.

The Mitigation section of the notice describes a suggested method and provides an open-source verification software package for verifying ingress filtering (a recommended practice). There are links to documents and prior notices that may be of interest.

Hope this helps some.
I myself find the CERT alerts to be very general.
Check out the PDF reports that Prolexic put out; the one for DNS dives into the source code for the DNS DDoS tool that is going around. http://www.prolexic.com/news-events-...s-flooder.html