Here is the slide of my talk on FloCon 2017.
- DRDoS accounts for over 60% of all DDoS, hard to track, annoying bandwidth consumption, larger & larger
- DNS ＋ NTP ＋ CharGEN reflection account for over 77% of all DRDoS events
- DRDoS amplifiers has been bing used heavily, over 30% of our detected DNS amplifiers are bing used for DRDoS right now
- DNS reflection using ANY query, NTP reflection using MONLIST command, CharGEN …, all of little practical use
- Kill top amplifiers’ in-traffic, solve the majority problem, no effect to normal network, hands together, let’s DO it.
Happy time at San Diego.