Last updated: 
2 months 3 weeks ago
Blog Manager
We are the Computer Security and Incident Response Team (CSIRT) for the Janet network. Part of Jisc's Security Operations Centre, our mission is to safeguard the current and future network security of Janet (steering the security policies for all Janet connections) and of our customers, creating a secure environment to conduct your online activities. Our primary function is monitor and resolve any security incidents that occur on the Janet network, with specialists tracking a range of platforms, including Unix, Linux and Windows.

Reflected DDoS attacks

Tuesday, October 29, 2013 - 11:06

Following on from our messages and briefing at the start of the year, DDOS attacks are continuing to occur at a greater frequency than they have in previous years. We have been working to assist affected customers when they happen.

Many of the attacks make use of unauthenticated UDP based services to reflect and amplify traffic against the chosen target. Open DNS resolvers (53/udp) and increasingly CHARGEN (19/udp) are the two most abused services. It's not unusual to see attacks in the order of 10Gb/s.

An open DNS resolver, or CHARGEN service on your network is unlikely to cause your institution any issues but it's worth remembering that the reflected traffic causes other people sleepless nights, disruption to their services, and bandwidth charges.

Please be vigilant to these sorts of issues on your network. You may wish to control or monitor patterns of traffic to these types of services. Together you have done much to maintain the reputation of our community in this area.