Access Keys:
Skip to content (Access Key - 0)

Q: I received a UDP reflection attack notice

Answer

Periodically, IS&T's Security Operations Team will scan MITnet for known bad behaviors that indicate a system compromise. When these behaviors are detected, notices are sent to registered host owners asking them to investigate and address the issue.

Why did I receive this notification?

You received this notification because a host registered to you, or in your area of responsibility, was observed participating in a Denial of Service attack against other hosts on MITnet and/or the greater Internet.

What triggers this alert?

A host on MIT's network sending out an exceptionally large volume of traffic using a known-and-frequently-abused UDP service. This behavior, called a UDP amplification attack, is used to overwhelm a victim system.

What should I do?

If you have a locale IT support liaison, we recommend contacting them for support.

If you are the administrator of the host in question, we recommend you:

  • disable the service if it's not necessary; 
  • adjust your firewall configuration so it only serves certain IP ranges; 

If you do not have a local IT support liaison, you can contact the IS&T Help Desk.

What if I have additional questions?

Additional questions can be directed to the IS&T Help Desk or the Security Operations Team.

Notices sent out to host owners will be in the following format:

Greetings,

IS&T has observed activity which indicates a computer registered to you (or in your area of responsibility) is actively participating in a UDP-based Denial of Service attack that is impacting networks outside of MIT. The following computer is generating malicious and egregious amounts of $service_name traffic:

Host: [HOST-NAME.MIT.EDU]
IP Address: [18.1.2.3]
Observed: [DATE]
Behavior: [DESCRIPTION OF REFLECTION ATTACK]

Please take steps to resolve this issue immediately.

If you need assistance, please contact IS&T's Computing Help Desk (ist.mit.edu/help).

Regards,

Security Operations

IS&T Contributions

Documentation and information provided by IS&T staff members


Last Modified:

February 26, 2015

Get Help

Request help
from the Help Desk
Report a security incident
to the Security Team
Labels:
c-security-network c-security-network Delete
received received Delete
a a Delete
udp udp Delete
reflection reflection Delete
attack attack Delete
notice notice Delete
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.
Feedback
This product/service is:
Easy to use
Average
Difficult to use

This article is:
Helpful
Inaccurate
Obsolete
Adaptavist Theme Builder (4.2.3) Powered by Atlassian Confluence 3.5.13, the Enterprise Wiki