nanog mailing list archives

Re: Staring Down the Armada Collective


From: dennis <dennis () justipit com>
Date: Fri, 04 Dec 2015 08:21:01 -0500



I agree Protonmail took a stance and believe many others can learn from their experience. But let's not oversimplify
the problem. According to their blogs the attacks were over 100G and went on for hours at a time over several days.
Attacks can go on for days and months. Protonmail found themselves up against varying attack tactics and ultimately
took a defense-in-depth approach to mitigate the attack.
Null routing the original IP completes the attack: game over, server is down. Granted, this can help prevent collateral
damage. Combined with proxies, DNS redirection to route through cloud scrubbing can work well, but these solutions can
add latency and impact legitimate traffic too. With redirection there is also the complexity of TLS/SSL (certificate
management, privacy, etc.). You must also consider IP-based (non-proxied) targets. These DNS redirect/proxy
methods don't handle IP-based attack targets and create the need to swing IP prefixes via BGP. Bottom line, attackers
can impact the infrastructure by varying their tactics, and the approach should be well thought out and multilayered.



-------- Original message --------
From: Lyndon Nerenberg <lyndon () orthanc ca> 
Date: 12/4/2015  12:14 AM  (GMT-05:00) 
To: North American Network Operators' Group <nanog () nanog org> 
Subject: Re: Staring Down the Armada Collective 


On Dec 3, 2015, at 6:28 PM, Lyndon Nerenberg <lyndon () orthanc ca> wrote:

Are we perhaps, finally, reaching the cusp where everyone has realized that if we all, collectively, tell the rodents 
to f*** off, they just might?

I should also mention that, despite their bluster, they can't keep it up for more than half an hour.

By then, the upstream networks have figured it out and have null-routed anything of consequence - far upstream.
Meanwhile, backhaul your traffic in via a private network and they won't be able to do shit to you. (E.g. the standard
Cloudflare model.)

They are not as smart as they make themselves out to be.  Don't let fear drive your decisions.

--lyndon
