Re: Cloudflare, dirty networks and politricks

[Ca By <cb.list6 () gmail com>]

On Thursday, July 28, 2016, Donn Lasher via NANOG <nanog () nanog org> wrote:

> On 7/28/16, 10:17 AM, "NANOG on behalf of J. Oquendo" <
> nanog-bounces () nanog org <javascript:;> on behalf of joquendo () e-fensive net
> <javascript:;>> wrote:
>
>
> > While many are chanting: #NetworkLivesMatter, I have yet
> > to see, read, or hear about any network provider being
> > the first to set precedence by either de-peering, or
> > blocking traffic from Cloudflare. There is a lot of
> > keyboard posturing: "I am mad and I am not going to take
> > it anymore" hooplah but no one is lifting a finger to
> > do anything other than regurgitate "I am mad... This is
> > criminal."
>
> (long discussion, was waiting for a place to jump in..)
>
> If we want to be accurate about it, Cloudflare doesn’t host the DDoS, they
> protect the website of seller of the product. We shouldn’t be de-peering
> Cloud Flare over sites they protect any more than we would de-peer GoDaddy
> over sites they host, some of which, no doubt, sell gray/black
> market/illegal items/services.
>
> If, on the other hand,  you can find a specific network actually
> generating the volumes of DDoS, you should have a conversation about
> de-peering….
>
> $0.02…
Agreed. Cloudflare is just the messenger

The ddos is coming from your ssdp, dns, and ntp servers. Not Cloudflare.

I see a lot of ddos traffic.

It is always udp

Comcast took a huge step in stemming the ssdp problem in their network,
http://labs.comcast.com/preventing-ssdp-abuse

Thanks Comcast!

But they still host tens of thousands, perhaps more, open dns resolvers
that attack us.