nanog mailing list archives

Re: Host.us DDOS attack -and- related conversations


From: Alain Hebert <ahebert () pubnix net>
Date: Wed, 3 Aug 2016 11:06:29 -0400

    Well,

    I didn't want to pollute nanog list with my BCP38 (or other
solutions) ranting, but come on:

[1] How can ensuring that source IPs coming out of your network are part of
your advertised subnets be pathetic and futile?

    Don't you think if the source IPs are traceable back to OVH actually,
it would be easy for OVH to see and deal with it, instead of noises with
random source IPs coming from the bunch of un-patched residential routers
in Latin America (for example)?

    And we're back on track with "do nothing but pay for protection" as
the only solution.  Gotta love Humans.

-----
Alain Hebert                                ahebert () pubnix net   
PubNIX Inc.        
50 boul. St-Charles
P.O. Box 26770     Beaconsfield, Quebec     H9W 6G7
Tel: 514-990-5911  http://www.pubnix.net    Fax: 514-990-9443

On 08/03/16 10:40, James Bensley wrote:
On 3 August 2016 at 15:16, Alain Hebert <ahebert () pubnix net> wrote:
    PS:

        I would like to take this time to underline the lack of
participation from a vast majority of ISPs into BCP38 and the like.  We
need to keep educating them at every occasion we have.

        For those that actually implemented some sort of tech against
it, you are a beacon of hope in what is a ridiculous situation that has
been happening for more than 15 years.

At the risk of starting a "NANOG war" [1], BCP isn't a magic wand.

If I find a zero day in the nasty customised kernels that OVH run on
their clients' boxes, I only need 300 compromised hosts to send 300Gbps
of traffic without spoofing the IP or using amplification attacks [2].

I can rent a server with a 10Gbps connection for 1 hour for a few
quid/dollars. I could generate hundreds of Gbps of traffic for about
£1000 from legitimate IPs, paid for with stolen card details. How will
BCP save you then? Can everyone stop praising it like it was some
magic bullet?

James.


[1] A pathetic and futile one, so different from the rest.

[2] Substitute OVH for any half decent provider that isn't really oversubscribed.
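
An added illustration of the check this thread argues about, not part of either poster's message: a BCP38-style source-address check applied to egress flow records. The prefixes, interface names and flow records are constructed assumptions using documentation address ranges. It shows both sides of the exchange: sources outside the advertised prefixes are dropped and attributed to an interface, while in-prefix traffic passes whatever its volume.

```python
import ipaddress
from collections import Counter

# Constructed sample data (documentation ranges); not from the thread.
ADVERTISED = ["192.0.2.0/24", "2001:db8:100::/48"]
FLOWS = [  # (egress interface, source IP, bytes) -- hypothetical flow records
    ("cust-1", "192.0.2.10", 1500),
    ("cust-1", "198.51.100.7", 900),      # source outside our prefixes
    ("cust-2", "192.0.2.200", 120000),    # real source, high volume
    ("cust-2", "203.0.113.5", 400),       # source outside our prefixes
    ("cust-2", "2001:db8:100::1", 800),
    ("cust-2", "2001:db8:200::1", 800),   # source outside our prefixes
    ("cust-3", "not-an-ip", 10),          # malformed record
]


def audit_egress(flows, advertised):
    """Apply a BCP38-style source check to egress flow records.

    Returns (passed_bytes, dropped_bytes, drops_per_interface).
    """
    nets = [ipaddress.ip_network(p) for p in advertised]
    passed = dropped = 0
    per_iface = Counter()
    for iface, src, nbytes in flows:
        try:
            addr = ipaddress.ip_address(src)
        except ValueError:
            # Unparseable source: treat it as failing the check.
            dropped += nbytes
            per_iface[iface] += 1
            continue
        # Compare only against prefixes of the same address family.
        if any(addr.version == n.version and addr in n for n in nets):
            passed += nbytes
        else:
            dropped += nbytes
            per_iface[iface] += 1
    return passed, dropped, dict(per_iface)


if __name__ == "__main__":
    ok, bad, ifaces = audit_egress(FLOWS, ADVERTISED)
    print(f"passed={ok}B dropped={bad}B drops_by_interface={ifaces}")
```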


