Over a decade of DDOS--any progress yet?

[mc3401 at columbia.edu (Michael Costello)]

On Wed, 8 Dec 2010 11:13:01 -0500
Drew Weaver <drew.weaver at thenap.com> wrote:

> The most common attacks that I have seen over the last 12 months, and
> let's say I have seen a fair share have been easily detectable by the
> source network.
> 
> It is either protocol 17 (UDP) dst port 80 or UDP Fragments (dst port
> 0..)
> 
> What valid application actually uses UDP 80?

The Cisco NAC client for Macs, for the purpose of "VLAN change
detection", sends UDP/80 packets to the host's reversed default
gateway (i.e., if the actual gateway is 1.2.3.4, it sends the packets
to 4.3.2.1) once every five seconds.

mc