from Hacker News

Increase in Protocol 47 (GRE) traffic since end of December 2016

by aysfrm11 on 1/9/17, 7:17 PM with 10 comments

  • by samplonius on 1/9/17, 11:46 PM

    There is a probably a consumer device that has a GRE listener running, and it is possible to send it a small packet, and it will return back some sort of error response. So classic amplification.

    Thought given the moderate amount of traffic, maybe it isn't a hugely effective DDoS method.

    Even if a consumer device doesn't use GRE, it doesn't mean it isn't there. GRE is often included in Linux kernels.

  • by tossedaway334 on 1/9/17, 10:53 PM

    This is when somebody gets the bright idea to block all protocols other than TCP and UDP.

    Hey you can just tunnel via udp right??

  • by ChuckMcM on 1/9/17, 10:59 PM

    Makes me wonder if someone has a comms protocol based on backscatter for the back haul.

  • by the_mitsuhiko on 1/9/17, 11:27 PM

    GRE Tunnel bonding rollout maybe?

  • by coretx on 1/10/17, 8:07 AM

    Mirai, state sponsored botnet.