30 Sep
2016
30 Sep
'16
8:07 p.m.
The unanswered SYN traffic to port 23 is much, much
more. Especially before the "allow only
registered hosts" filter. We are dropping around 80 Mbyte/day of traffic for our
/16 subnet due
to the address not being registered, so that would be about 20 GByte/day for amprgw....
Of course it is way more than that. I forgot that the about count is only for the subnets
within our /16
that are actually routed. That is about 1/5 of our space. So the total
"noise" traffic is more like
400 MB/day and would be like 100 GB/day for the entire AMPRnet.
Rob
30 Sep
30 Sep
8:48 p.m.
New subject: Security - Telnet (port tcp/23)
The amprgw inbound interface sees, on a good day, a constant 20MB/s
stream of backscatter and probes. Some days it's closer to 50MB/s.
During Internet events, such as DDoS attacks (on non-AMPR hosts),
I've seen sustained backscatter peaks well above 120MB/s. In the
past 40 days, we've seen a total of 70TB of traffic inbound.
- Brian
On Fri, Sep 30, 2016 at 09:07:22PM +0200, Rob Janssen wrote:
Of course it is way more than that. I forgot that the
about count is only for the subnets within our /16
that are actually routed. That is about 1/5 of our space. So the total
"noise" traffic is more like
400 MB/day and would be like 100 GB/day for the entire AMPRnet.
9:08 p.m.
New subject: Security - Telnet (port tcp/23)
On Fri, Sep 30, 2016 at 12:48 PM, Brian Kantor <Brian(a)ucsd.edu> wrote:
(Please trim inclusions from previous messages)
_______________________________________________
The amprgw inbound interface sees, on a good day, a constant 20MB/s
stream of backscatter and probes. Some days it's closer to 50MB/s.
During Internet events, such as DDoS attacks (on non-AMPR hosts),
I've seen sustained backscatter peaks well above 120MB/s. In the
past 40 days, we've seen a total of 70TB of traffic inbound.
- Brian
Is CAIDA still slurping all of this traffic up? If not, you could just
stop announcing the unused networks and the traffic would go away.
Even if they are, there's no reason anything but the active networks
need to be forwarded all the way to amprgw.
Tom
10:42 p.m.
New subject: Security - Telnet (port tcp/23)
the "Iot" is quite a culprit..I am constantly probed and attacked by
routers, refrigerators, and many, many so-called "smart
TV's"...sometimes, when I'm bored, I shut them off...it gives me a
tickle to think of someone botting away and abruptly being shut
down...but the poor, unknowing customer is the one who suffers...I've
got to wonder if they even notice their appliance is acting strangely,
or laggy, and why...
this would best be fixed at the manufacturers end..
On 16-09-30 05:11 PM, Brian Kantor wrote:
(Please trim inclusions from previous messages)
_______________________________________________
On Fri, Sep 30, 2016 at 01:08:06PM -0700, Tom Hayward wrote:
Is CAIDA still slurping all of this traffic up?
Yes they are.
- Brian
_________________________________________
44Net mailing list
44Net(a)hamradio.ucsd.edu
http://hamradio.ucsd.edu/mailman/listinfo/44net
2772
days inactive
2772
days old
4 comments
4 participants
participants (4)
-
Brian Kantor -
Rob Janssen -
Tom Hayward -
ve1jot