LinuxQuestions.org


tronayne 02-09-2014 01:06 PM

US-CERT: TA14-017A: UDP-based Amplification Attacks (rev. 09 Feb 2014)
 
The notice may be read in its entirety at https://www.us-cert.gov/ncas/alerts/TA14-017A.

Original release date: January 17, 2014 | Last revised: February 09, 2014.

Certain UDP protocols have been identified as potential attack vectors:

DNS
NTP
SNMPv2
NetBIOS
SSDP
CharGEN
QOTD
BitTorrent
Kad
Quake Network Protocol
Steam Protocol

The Mitigation section of the notice describes a suggested method and provides an open-source verification software package for verifying ingress filtering (a recommended practice).

There are links to documents and prior notices that may be of interest.

Hope this helps some.
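
A host-side check to go with the protocol list in the post above, added here as an example (it is not part of the post or of the US-CERT notice): it reads the Linux `/proc/net/udp` socket table and reports UDP sockets bound to a non-loopback address on the standard ports of the listed fixed-port protocols. The sample table is constructed, the function names are made up for this example, and BitTorrent, Kad, Quake and Steam are left out because their ports are configurable.

```python
import socket
import struct

# Standard UDP ports for the fixed-port protocols in the alert's list.
# BitTorrent, Kad, Quake and Steam use configurable ports and are omitted.
AMPLIFICATION_PORTS = {
    17: "QOTD", 19: "CharGEN", 53: "DNS", 123: "NTP",
    137: "NetBIOS", 161: "SNMPv2", 1900: "SSDP",
}

# Constructed sample in /proc/net/udp format (not taken from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
  10: 00000000:007B 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 1001
  11: 0100007F:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 1002
  12: 00000000:0013 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 1003
  13: 0A00A8C0:1F90 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 1004
"""

def decode_addr(field):
    """Decode 'HEXIP:HEXPORT' as written by the kernel on a little-endian host."""
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)

def exposed_listeners(proc_text):
    """Return (ip, port, protocol) for sockets on listed ports not bound to loopback."""
    findings = []
    for line in proc_text.splitlines()[1:]:      # skip the header row
        fields = line.split()
        if len(fields) < 2:
            continue
        ip, port = decode_addr(fields[1])
        if port in AMPLIFICATION_PORTS and not ip.startswith("127."):
            findings.append((ip, port, AMPLIFICATION_PORTS[port]))
    return sorted(findings, key=lambda f: f[1])

if __name__ == "__main__":
    # On a Linux host, pass open("/proc/net/udp").read() instead of SAMPLE.
    # IPv4 only: /proc/net/udp6 uses a different address encoding.
    for ip, port, proto in exposed_listeners(SAMPLE):
        print(f"{proto} bound to {ip}:{port} (not limited to loopback)")
```

A socket reported here is only a candidate for review; whether it is reachable from outside still depends on the firewall and on upstream filtering.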

Linux_Kidd 02-18-2014 07:51 AM

I myself find the CERT alerts to be very general.
Check out the PDF reports that Prolexic put out; the one for DNS dives into the source code for the DNS DDoS tool that is going around.
http://www.prolexic.com/news-events-...s-flooder.html

