265 points methuselah_in | 3 comments
jakub_g ◴[] No.44366870[source]
> QOTD DDoS attack

> How it works: Abuses the Quote of the Day (QOTD) Protocol, which listens on UDP port 17 and responds with a short quote or message.

Does any reasonable operating system these days support this protocol? Sounds like "IP over Avian Carriers" to me.

replies(7): >>44366952 #>>44366980 #>>44367259 #>>44367672 #>>44369421 #>>44370463 #>>44371825 #
NoboruWataya ◴[] No.44367259[source]
Huh, this sounds kind of cool, I like the idea of there being a few QOTD servers dotted around the internet. Shame that the first I'm hearing about it is it being abused to launch a DDOS.
replies(1): >>44367588 #
msgodel ◴[] No.44367588[source]
You can always ssh to random hosts and read the netbanners.

Of course nearly all of them are a long paragraph or two of legal jargon that more or less boils down to "fuck off."

replies(2): >>44368822 #>>44372079 #
1. Retr0id ◴[] No.44368822[source]
SSH banners come over TCP, requiring the 3-way handshake first, meaning you can't use it for traffic reflection (beyond the SYN-ACK itself).
replies(1): >>44368937 #
2. msgodel ◴[] No.44368937[source]
Right, in general unless you're going to put a lot of care into the state machine to deal with network congestion/abuse it's better to stick with TCP.
replies(1): >>44371460 #
3. johncolanduoni ◴[] No.44371460[source]
I was glad to see QUIC did a pretty good job of limiting its usefulness for reflection attacks. Hopefully we’ll see more uses of UDP move to it.
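
Added example, not part of any comment in the thread: a sketch of the state-machine care discussed above, as a per-address send budget for a UDP responder. The factor of 3 is the anti-amplification limit from RFC 9000 section 8.1; `AmplificationGuard` and its methods are hypothetical names, and sample addresses are from documentation ranges.

```python
import hashlib
import hmac
import os

AMPLIFICATION_LIMIT = 3  # factor QUIC applies before address validation (RFC 9000, 8.1)
TOKEN_LEN = 16


class AmplificationGuard:
    """Hypothetical helper: caps bytes sent to an unvalidated source address."""

    def __init__(self):
        self._secret = os.urandom(32)
        self._received = {}       # addr -> bytes received (needs eviction in production)
        self._sent = {}           # addr -> bytes sent
        self._validated = set()   # addrs that echoed their token

    def token_for(self, addr):
        # Bound to the claimed source address: only a host that really
        # receives traffic at that address can echo the token back.
        mac = hmac.new(self._secret, repr(addr).encode(), hashlib.sha256)
        return mac.digest()[:TOKEN_LEN]

    def _budget(self, addr):
        received = self._received.get(addr, 0)
        return AMPLIFICATION_LIMIT * received - self._sent.get(addr, 0)

    def handle(self, addr, request, response):
        """Return the datagram to send to addr, or None to stay silent."""
        self._received[addr] = self._received.get(addr, 0) + len(request)
        if hmac.compare_digest(request[:TOKEN_LEN], self.token_for(addr)):
            self._validated.add(addr)
        if addr in self._validated or len(response) <= self._budget(addr):
            reply = response
        elif TOKEN_LEN <= self._budget(addr):
            reply = self.token_for(addr)   # small challenge instead of the payload
        else:
            return None                    # a QOTD-style service would answer here
        self._sent[addr] = self._sent.get(addr, 0) + len(reply)
        return reply

    def sent_to(self, addr):
        return self._sent.get(addr, 0)
```

A spoofed source never sees the token, so the bytes sent toward it stay within three times what was received from it, whereas a stateless responder such as QOTD sends its full reply to whatever source address the datagram claims.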