nanog mailing list archives
RE: Are we really this helpless? (Re: isprime DOS in progress)
From: "Frank Bulk" <frnkblk () iname com>
Date: Fri, 23 Jan 2009 21:58:56 -0600
What's interesting in all of this is that ISPrime has been experiencing this for most of this week, yet neither they nor any of us has shared a network that is sourcing this traffic. I know I haven't bothered asking my upstream provider which backbone provider is sending them the "ISPrime" traffic, so I'm just as guilty as anyone.

Frank

-----Original Message-----
From: Seth Mattinen [mailto:sethm () rollernet us]
Sent: Friday, January 23, 2009 8:06 PM
To: nanog () nanog org
Subject: Are we really this helpless? (Re: isprime DOS in progress)

Noel Butler wrote:
> On Sat, 2009-01-24 at 07:21, Chris McDonald wrote:
>> We [AS3491] null0'd the IP earlier. Rest-of-world encouraged to do the same :/
>
> Wrong approach, they are *innocent* in this as are the new targets.
>
> insert into your favourite acl:
>
> deny udp host 66.230.160.1 neq 53 any eq 53
> deny udp host 66.230.128.15 neq 53 any eq 53
>
> But it's much less work to add a filter on the name server as others have mentioned.

Having the world trying to keep up with ACL entries seems futile. Is there really nothing to be done about this? (Yes, I know, BCP38, but obviously the accomplice providers don't care.)

~Seth