The unanswered SYN traffic to port 23 is much, much more. Especially before the "allow only registered hosts" filter. We are dropping around 80 Mbyte/day of traffic for our /16 subnet due to the address not being registered, so that would be about 20 GByte/day for amprgw....
Of course it is way more than that. I forgot that the about count is only for the subnets within our /16 that are actually routed. That is about 1/5 of our space. So the total "noise" traffic is more like 400 MB/day and would be like 100 GB/day for the entire AMPRnet.
Rob
The amprgw inbound interface sees, on a good day, a constant 20MB/s stream of backscatter and probes. Some days it's closer to 50MB/s. During Internet events, such as DDoS attacks (on non-AMPR hosts), I've seen sustained backscatter peaks well above 120MB/s. In the past 40 days, we've seen a total of 70TB of traffic inbound. - Brian
On Fri, Sep 30, 2016 at 09:07:22PM +0200, Rob Janssen wrote:
Of course it is way more than that. I forgot that the about count is only for the subnets within our /16 that are actually routed. That is about 1/5 of our space. So the total "noise" traffic is more like 400 MB/day and would be like 100 GB/day for the entire AMPRnet.
On Fri, Sep 30, 2016 at 12:48 PM, Brian Kantor Brian@ucsd.edu wrote:
(Please trim inclusions from previous messages) _______________________________________________ The amprgw inbound interface sees, on a good day, a constant 20MB/s stream of backscatter and probes. Some days it's closer to 50MB/s. During Internet events, such as DDoS attacks (on non-AMPR hosts), I've seen sustained backscatter peaks well above 120MB/s. In the past 40 days, we've seen a total of 70TB of traffic inbound. - Brian
Is CAIDA still slurping all of this traffic up? If not, you could just stop announcing the unused networks and the traffic would go away. Even if they are, there's no reason anything but the active networks need to be forwarded all the way to amprgw.
Tom
the "Iot" is quite a culprit..I am constantly probed and attacked by routers, refrigerators, and many, many so-called "smart TV's"...sometimes, when I'm bored, I shut them off...it gives me a tickle to think of someone botting away and abruptly being shut down...but the poor, unknowing customer is the one who suffers...I've got to wonder if they even notice their appliance is acting strangely, or laggy, and why...
this would best be fixed at the manufacturers end..
On 16-09-30 05:11 PM, Brian Kantor wrote:
(Please trim inclusions from previous messages) _______________________________________________ On Fri, Sep 30, 2016 at 01:08:06PM -0700, Tom Hayward wrote:
Is CAIDA still slurping all of this traffic up?
Yes they are.
- Brian
44Net mailing list 44Net@hamradio.ucsd.edu http://hamradio.ucsd.edu/mailman/listinfo/44net
-
Brian Kantor -
Rob Janssen -
Tom Hayward -
ve1jot