An Overview about open UDP Services

1. Team Cymru. Copyright ©2022. All Rights Reserved. | Visit Us At www.team-cymru.com | Contact Us At outreach@cymru.com 1 An Overview about open UDP Services Tarek Sendi – Security Evangelist https://team-cymru.com/community-services/

2. Team Cymru. Copyright ©2022. All Rights Reserved. | Visit Us At www.team-cymru.com | Contact Us At outreach@cymru.com 2 https://team-cymru.com/community-services/ • Introduction • Reflector and amplifier attacks • Bangladesh Stats • Approaches to reduce open UDP services • Goal for Bangladesh ISP • Conclusion & Questions Contents

3. Team Cymru. Copyright ©2022. All Rights Reserved. | Visit Us At www.team-cymru.com | Contact Us At outreach@cymru.com 3 https://team-cymru.com/community-services/nimbus-threat-monitor/ তারেক মূলত ততউতিতিযাি তিইআেটি-তত একজি ইরেন্ট হ্যান্ডলাে তহ্রিরে িাইোে তিতকউতেটিে প্রতিক্ষণ তিরযতিরলি এেং R&D- এে টিম তলড হ্রযতিরলি।"টিম িাইমরু"-এ, তারেক প্রতততিি েযেহ্ােকােী, অংিীিাে এেং েৃহ্ত্তে িম্প্রিারযে িারে িংর াগ কেরত কাজ করে। তারেক খি কম্পিউিারেে স্ক্রিরি আিরক োরক িা, তখি তি তাে িময োগারি কাজ করে এেং ফ ু িেল মযারে তগাল িা হ্াোরিাে জিয োিাধ্য তেষ্টা করে। Introduction

4. Team Cymru. Copyright ©2022. All Rights Reserved. | Visit Us At www.team-cymru.com | Contact Us At outreach@cymru.com 4 https://team-cymru.com/community-services/nimbus-threat-monitor/ Reflector and amplifier attacks DNS amplification attacks, NTP attacks, and Memcached DDOS are amplification attacks. In an amplification attack, the attacker sends a forged packet to the DNS server containing the IP address of the victim. The UDP server/service replies back to the victim instead with larger data. Other kinds of amplification attack include SMTP, SSDP, and so on.

5. Team Cymru. Copyright ©2022. All Rights Reserved. | Visit Us At www.team-cymru.com | Contact Us At outreach@cymru.com 5 https://team-cymru.com/community-services/nimbus-threat-monitor/ Reflector and amplifier attacks Protocol Bandwidth Amplification Factor DNS 28 to 54 NTP 556.9 SNMPv2 6.3 SSDP 30.8 CharGEN 358.8

6. Team Cymru. Copyright ©2022. All Rights Reserved. | Visit Us At www.team-cymru.com | Contact Us At outreach@cymru.com 6 • Bangladesh Stats Country Open Recursive DNS Open NTP Open SNMP Open SSDP Open CHARGEN DDOS Potential TBit/sec DDOS Rank India 224,172 130,387 43,093 68,185 323 84 11 Thailand 35,311 107,494 14,444 7,387 185 62 14 Australia 55,881 88,254 6,025 1,977 58 52 17 Bangladesh 47,046 25,714 12,389 53 12 16 38 Bulgaria 34,299 25,040 3,209 1,220 32 15 39 Pakistan 13,394 16,457 5,330 457 28 10 50 Puerto Rico 1,718 4,627 2,158 96 N/A 3 87 Copyright 2022, CyberGreen. All Rights Reserved.

7. Team Cymru. Copyright ©2022. All Rights Reserved. | Visit Us At www.team-cymru.com | Contact Us At outreach@cymru.com 7 Copyright 2022, CyberGreen. All Rights Reserved. • Open Recursive DNS • Bangladesh Stats (World rank #25)

8. Team Cymru. Copyright ©2022. All Rights Reserved. | Visit Us At www.team-cymru.com | Contact Us At outreach@cymru.com 8 • Bangladesh Stats (World rank #38) Copyright 2022, CyberGreen. All Rights Reserved. • Open NTP

9. Team Cymru. Copyright ©2022. All Rights Reserved. | Visit Us At www.team-cymru.com | Contact Us At outreach@cymru.com 9 • Bangladesh Stats (World rank #38) Copyright 2022, CyberGreen. All Rights Reserved. • Open SNMP

10. Team Cymru. Copyright ©2022. All Rights Reserved. | Visit Us At www.team-cymru.com | Contact Us At outreach@cymru.com 10 • Bangladesh Stats (World rank #38) Copyright 2022, CyberGreen. All Rights Reserved. • Open SNMP

11. Team Cymru. Copyright ©2022. All Rights Reserved. | Visit Us At www.team-cymru.com | Contact Us At outreach@cymru.com 11 • Bangladesh Stats (World rank #9) https://spoofer.caida.org/summary.php • Top Ten Spoofer Test Results (for the last year) Country Client IP blocks Spoofing IP blocks Blocking IP blocks Inconsistent IP blocks Client ASNs Spoofing ASNs Non-NAT NAT bra (Brazil) 2032328 (16.1%) 373 (18.4%) 1307 (64.3%) 24 (1.2%) 476195 (41.0%) ind (India) 1015151 (14.9%) 147 (14.5%) 712 (70.1%) 5 (0.5%) 4815 (31.3%) usa (United States) 1959117 (6.0%) 557 (28.4%) 1284 (65.5%) 1 (0.1%) 31173 (23.5%) egy (Egypt) 11998 (82.4%) 0 (0.0%) 21 (17.6%) 0 (0.0%) 53 (60.0%) arg (Argentina) 9944 (44.4%) 13 (13.1%) 42 (42.4%) 0 (0.0%) 175 (29.4%) irn (Iran) 25028 (11.2%) 17 (6.8%) 204 (81.6%) 1 (0.4%) 264 (15.4%) npl (Nepal) 5522 (40.0%) 8 (14.5%) 24 (43.6%) 1 (1.8%) 105 (50.0%) chn (China) 44221 (4.8%) 101 (22.9%) 318 (71.9%) 2 (0.5%) 4215 (35.7%) bgd (Bangladesh) 5419 (35.2%) 0 (0.0%) 35 (64.8%) 0 (0.0%) 2912 (41.4%) pol (Poland) 246 18 (7.3%) 18 (7.3%) 209 (85.0%) 1 (0.4%) 49 9 (18.4%)

12. Team Cymru. Copyright ©2022. All Rights Reserved. | Visit Us At www.team-cymru.com | Contact Us At outreach@cymru.com 12 https://team-cymru.com/community-services/ • Approaches to reduce the impact of open UDP services This is what we can do: • Adhere and use ingress filtering to block spoofed packets (IETF BCP 38 and BCP 84 guidelines). • Use traffic shaping on UDP service requests to ensure repeated access to over-the-Internet resources is not abusive. (rfc2475 and rfc3260) • Disable and remove unwanted services, or deny access to local services over the internet, e.g., for NTP or DNS • Add session handling to the protocols

13. Team Cymru. Copyright ©2022. All Rights Reserved. | Visit Us At www.team-cymru.com | Contact Us At outreach@cymru.com 13 https://team-cymru.com/community-services/ • Goal for Bangladesh ISP we hope to reduce the number of open UDP services in Bangladesh by any number.

An Overview about open UDP Services

Esté a ler uma amostra.

Confira estes a seguir

An Overview about open UDP Services

Mais Conteúdo rRelacionado

Semelhante a An Overview about open UDP Services (20)

Mais de Bangladesh Network Operators Group (20)

Mais recentes (20)