nanog mailing list archives
Re[2]: Thank you, Comcast.
From: Adam <adam () arfmail com>
Date: Fri, 26 Feb 2016 21:07:51 +0000
I'd expect the Colo's to start "locking this down" about the same time I'd expect ISP's to start implementing BCP38 in earnest.
Adam

------ Original Message ------
From: "Dovid Bender" <dovid () telecurve com>
To: "Damian Menscher" <damian () google com>
Cc: "Mody, Nirmal" <Nirmal_Mody () cable comcast com>; "NANOG list" <nanog () nanog org>
Sent: 2/26/2016 3:43:34 PM
Subject: Re: Thank you, Comcast.

Lawsuits? There is no reason the dedicated server I have with a 100meg pipe for $65.00 per month is able to spoof IP's. The colo's should be doing a better job to lock this down.

Regards,

Dovid

-----Original Message-----
From: Damian Menscher <damian () google com>
Date: Fri, 26 Feb 2016 11:47:43
To: Dovid B <dovid () telecurve com>
Cc: Jared Mauch <jared () puck nether net>; Jason Livingood <Jason_Livingood () cable comcast com>; Mody, Nirmal <Nirmal_Mody () cable comcast com>; NANOG list <nanog () nanog org>
Subject: Re: Thank you, Comcast.

"We all know..." followed by a false statement is amusing.

A significant portion of spoofing originates from North America. In a recent attack I'm reviewing, the top sources of spoofing were the southwestern US, the northwestern US, and east Asia (and almost none from Europe).

If ISPs understood how to collect and review netflow we might get somewhere... why is this so hard, and how do we fix it?

Damian

On Fri, Feb 26, 2016 at 10:48 AM, Dovid Bender <dovid () telecurve com> wrote:

We all know what countries this traffic is coming from. While you can threaten the local ISP's the ones over seas where the traffic is coming from won't care.

Regards,

Dovid

-----Original Message-----
From: Damian Menscher via NANOG <nanog () nanog org>
Sender: "NANOG" <nanog-bounces () nanog org>
Date: Fri, 26 Feb 2016 08:02:52
To: Jared Mauch <jared () puck nether net>; Jason Livingood <Jason_Livingood () cable comcast com>; Mody, Nirmal <Nirmal_Mody () cable comcast com>
Reply-To: Damian Menscher <damian () google com>
Cc: NANOG list <nanog () nanog org>
Subject: Re: Thank you, Comcast.

On Fri, Feb 26, 2016 at 6:28 AM, Jared Mauch <jared () puck nether net> wrote:

> As a community we need to determine if this background radiation and these
> responses are proper. I think it's a good response since vendors can't do
> uRPF at line rate and the major purchasers of BCM switches don't ask for it
> and aren't doing it, so it's not optimized or does not exist.

/sigh
>

I don't agree with the approach of going after individual reflectors (open*project) or blocking specific ports (Comcast's action here) as both are reactive, unlikely to be particularly effective (there are still millions of reflectors and plenty of open ports available), and don't solve the root problem (spoofed packets making it onto the public internet).

What I'd much rather see Comcast do is use their netflow to trace the source of the spoofed packets (one of their peers or transit providers, no doubt) and strongly encourage (using their legal or PR team as needed) them to trace back and stop the spoofing. This benefits everyone in a much more direct and scalable way. Until some of the larger providers start doing that, amplification attacks and other spoofed-source attacks (DNS and syn floods) will continue to thrive.

(I've contacted several ISPs about the spoofed traffic they send to us. The next major hurdle is that so many don't have netflow or other useful monitoring of their networks....)

Damian
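
Added example, not part of the original messages or any participant's code: a sketch of the netflow review and per-port source validation (BCP38) discussed in this thread, flagging flows whose source address was never assigned to the port they entered on and ranking ports by spoofed volume. The port names, documentation prefixes and flow-record layout are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed assignment table: access port -> prefixes routed to that customer.
ASSIGNED = {
    "port-1": ["192.0.2.0/28"],
    "port-2": ["192.0.2.16/28", "2001:db8:2::/48"],
    "port-3": ["198.51.100.0/24"],
}

# Constructed flow records seen at ingress: (input port, source, packets, bytes).
FLOWS = [
    ("port-1", "192.0.2.5", 120, 9600),            # inside its /28
    ("port-2", "203.0.113.77", 50000, 3200000),    # source never assigned here
    ("port-2", "203.0.113.78", 45000, 2900000),    # same port, rotating source
    ("port-2", "192.0.2.20", 300, 24000),          # legitimate
    ("port-2", "2001:db8:2::1", 10, 900),          # legitimate IPv6
    ("port-3", "10.1.2.3", 7000, 450000),          # RFC 1918 source leaking out
    ("port-3", "198.51.100.200", 40, 3000),        # legitimate
    ("port-9", "192.0.2.5", 5, 400),               # port with no assignment
]


def source_is_valid(table, port, src):
    """BCP38 test: the source must sit inside a prefix assigned to the ingress port."""
    addr = ipaddress.ip_address(src)
    # A port missing from the table has no valid sources, so the check fails closed.
    return any(addr.version == net.version and addr in net
               for net in table.get(port, []))


def rank_spoofing_ports(flows, assigned):
    """Return [(port, bytes, packets, sources)] for invalid-source traffic, largest first."""
    table = {port: [ipaddress.ip_network(p) for p in prefixes]
             for port, prefixes in assigned.items()}
    totals = defaultdict(lambda: [0, 0, set()])
    for port, src, packets, nbytes in flows:
        if not source_is_valid(table, port, src):
            entry = totals[port]
            entry[0] += nbytes
            entry[1] += packets
            entry[2].add(src)
    ranked = [(port, b, p, sorted(s)) for port, (b, p, s) in totals.items()]
    return sorted(ranked, key=lambda row: row[1], reverse=True)


if __name__ == "__main__":
    for port, nbytes, packets, sources in rank_spoofing_ports(FLOWS, ASSIGNED):
        print(f"{port}: {nbytes} bytes, {packets} packets, sources {sources}")
```

The same assignment table is what a static per-port source filter would be generated from; the flow report shows which ports would be affected before such a filter is enforced.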