I'm having an odd situation were we're getting DDoS'd with UDP floods,
only during the school day. It hasn't been enough to take us down, but
was enough to get the attention of our ISP and show up in our FortiGate.
The ISP couldn't seem to provide mu...
From what digging I've done, it does seem to be associated with SkyVPN.
The handful of free VPNs they're using seem to just scan through lists
of their IPs and ports until they find one that works. In that example,
the client is reaching out to that ...
It does appear to be "legitimate" VPN traffic, here's what I'm seeing in
the Anomaly log on the FortiGate and a sample of what the destination by
the first source looks like in the FortiAnalyzer. I also looked up a
handful of those IPs and most seem ...