Increase in Protocol 47 (GRE) traffic since end of December 2016

There is a probably a consumer device that has a GRE listener running, and it is possible to send it a small packet, and it will return back some sort of error response. So classic amplification.<p>Thought given the moderate amount of traffic, maybe it isn&#x27;t a hugely effective DDoS method.<p>Even if a consumer device doesn&#x27;t use GRE, it doesn&#x27;t mean it isn&#x27;t there. GRE is often included in Linux kernels.

This is when somebody gets the bright idea to block all protocols other than TCP and UDP.<p>Hey you can just tunnel via udp right??

Makes me wonder if someone has a comms protocol based on backscatter for the back haul.

GRE Tunnel bonding rollout maybe?

Mirai, state sponsored botnet.