nanog mailing list archives
Re: 20-30Gbps UDP 1720 traffic appearing to originate from CN in last 24 hours
From: Pavel Odintsov <pavel.odintsov () gmail com>
Date: Tue, 21 Jul 2015 14:55:22 +0300
Hello, folks!

Could anybody run my toolkit https://github.com/FastVPSEestiOu/fastnetmon with the collect_attack_pcap_dumps = on option against this attack type? With a pcap dump we could do a detailed analysis and share all the details with the community.

On Tue, Jul 21, 2015 at 2:16 PM, Jared Mauch <jared () puck nether net> wrote:
> I'm reminded of the "the russians are hacking our water system" stories from a few years back, when it turned out the water system administrator was on vacation in russia.
>
> often traffic comes from unexpected locations. perhaps you should fail-closed with good business practices to open things up. perhaps you fail-open then mitigate risk by using a blocklist.
>
> my suggestion is that if you didn't live through the days of the bogon lists, which were later allocated to RIRs, a block list is likely not the right approach if you are truly working on security posture.
>
> - Jared
>
> On Mon, Jul 20, 2015 at 09:50:44PM +0100, Colin Johnston wrote:
>> blocking to mitigate risk is a better trade off gaining better percentage legit traffic against an inadvertent minor valid good network range.
>>
>> Sent from my iPhone
>>
>> On 20 Jul 2015, at 21:20, Valdis.Kletnieks () vt edu wrote:
>>> On Mon, 20 Jul 2015 21:12:33 +0100, Colin Johnston said:
>>>> source user to use phone contact and or postal service to establish contact
>>>
>>> And your phone and postal addresses are listed *where* that Joe Aussie-Sixpack is likely to be able to find? (Hint 1: If it's on your website, they can't find it.) (Hint 2: Mortal users have never heard of WHOIS or similar services)
>>>
>>> And what are the chances that after 3-4 days of unreachable, the user will simply conclude you've gone out of business and you've lost a customer/reader to a competitor?
>
> --
> Jared Mauch | pgp key available via finger from jared () puck nether net
> clue++; | http://puck.nether.net/~jared/ My statements are only mine.

--
Sincerely yours, Pavel Odintsov