nanog mailing list archives

Re: Are we really this helpless? (Re: isprime DOS in progress)


From: Jeffrey Lyon <jeffrey.lyon () blacklotus net>
Date: Fri, 23 Jan 2009 21:13:33 -0500

I respectfully disagree. Network engineers have to keep up with many
tasks and preventing DoS/DDoS should be the responsibility of
everyone. I see more folks worried about spam than they are actual
security.

My two cents.

-- 
Jeffrey Lyon, Leadership Team
jeffrey.lyon () blacklotus net | http://www.blacklotus.net
Black Lotus Communications of The IRC Company, Inc.

Look for us at HostingCon 2009 in Washington, DC on August 10th - 12th
at Booth #401.



On Fri, Jan 23, 2009 at 9:05 PM, Seth Mattinen <sethm () rollernet us> wrote:
> Noel Butler wrote:
>> On Sat, 2009-01-24 at 07:21, Chris McDonald wrote:
>>> We [AS3491] null0'd the IP earlier.  Rest-of-world encouraged to do the
>>> same :/
>>
>> Wrong approach, they are *innocent* in this as are the new targets.
>>
>> insert into your favourite acl:
>> deny udp host 66.230.160.1 neq 53 any eq 53
>> deny udp host 66.230.128.15 neq 53 any eq 53
>>
>> But it's much less work to add a filter on the name server as others
>> have mentioned.
>
> Having the world trying to keep up with ACL entries seems futile. Is there
> really nothing to be done about this? (Yes, I know, BCP38, but obviously the
> accomplice providers don't care.)
>
> ~Seth
