nanog mailing list archives
Re: Best way to get foreign ISPs to shut down DDoS reflectors?
From: Damian Menscher via NANOG <nanog () nanog org>
Date: Thu, 23 Apr 2020 17:09:47 -0700
On Thu, Apr 23, 2020 at 3:26 PM Ca By <cb.list6 () gmail com> wrote:
On Thu, Apr 23, 2020 at 3:14 PM Compton, Rich A <Rich.Compton () charter com> wrote:Good luck with that. 😊 As Damian Menscher has presented at NANOG, even if we do an amazing job and shut down 99% of all DDoS reflectors, there will still be enough bandwidth to generate terabit size attacks. https://stats.cybergreen.net I think we need to instead collectively focus on stopping the spoofed traffic that allows these attacks to be generated in the first place. -RichThe bcp38 religion has failed to deliver the promised land for 20 years.
That's because it's been opt-in for thousands of ASNs. 1 spoofer is all you need to trigger all the reflectors.
A handful of transit providers is all you need to identify and filter all sources of spoofing. I do bcp38, i encourage others to as well, but i do not plan on it
unclogging the pipes in my lifetime. You will get more miles from ACL dropping and policing known bad traffic (most of udp)
Do you have 10 Tbps of spare ingress capacity? If not, you should re-think your strategy (which may simply include a playbook for how to explain the outage to your customers). Damian *From: *NANOG Email List <nanog-bounces () nanog org> on behalf of Bottiger <
bottiger10 () gmail com> *Date: *Thursday, April 23, 2020 at 3:32 PM *To: *Siyuan Miao <aveline () misaka io> *Cc: *NANOG list <nanog () nanog org> *Subject: *Re: Best way to get foreign ISPs to shut down DDoS reflectors? We are unable to upgrade our bandwidth in those areas. There are no providers within our budget there at the moment. Surely there must be some way to get them to respond. On Thu, Apr 23, 2020 at 2:23 PM Siyuan Miao <aveline () misaka io> wrote: It won't work. Get a good DDoS protection and forget about it. On Fri, Apr 24, 2020 at 5:17 AM Bottiger <bottiger10 () gmail com> wrote: Is there a guide on how to get foreign ISPs to shut down reflectors used in DDoS attacks? I've tried sending emails listed under abuse contacts for their regional registries. Either there is none listed, the email is full, email does not exist, or they do not reply. Same results when sending to whatever other email they have listed. Example Networks: CLARO S.A. Telefonica China Telecom Korea Telecom The contents of this e-mail message and any attachments are intended solely for the addressee(s) and may contain confidential and/or legally privileged information. If you are not the intended recipient of this message or if this message has been addressed to you in error, please immediately alert the sender by reply e-mail and then delete this message and any attachments. If you are not the intended recipient, you are notified that any use, dissemination, distribution, copying, or storage of this message or any attachment is strictly prohibited.
Current thread:
- Best way to get foreign ISPs to shut down DDoS reflectors? Bottiger (Apr 23)
- Re: Best way to get foreign ISPs to shut down DDoS reflectors? Siyuan Miao (Apr 23)
- Re: Best way to get foreign ISPs to shut down DDoS reflectors? Bottiger (Apr 23)
- Re: Best way to get foreign ISPs to shut down DDoS reflectors? Filip Hruska (Apr 23)
- Re: Best way to get foreign ISPs to shut down DDoS reflectors? Shawn L via NANOG (Apr 23)
- Re: Best way to get foreign ISPs to shut down DDoS reflectors? Compton, Rich A (Apr 23)
- Re: Best way to get foreign ISPs to shut down DDoS reflectors? William Herrin (Apr 23)
- Re: Best way to get foreign ISPs to shut down DDoS reflectors? Compton, Rich A (Apr 23)
- Re: Best way to get foreign ISPs to shut down DDoS reflectors? Ca By (Apr 23)
- Re: Best way to get foreign ISPs to shut down DDoS reflectors? Damian Menscher via NANOG (Apr 23)
- Re: Best way to get foreign ISPs to shut down DDoS reflectors? Bottiger (Apr 23)
- Re: Best way to get foreign ISPs to shut down DDoS reflectors? Bottiger (Apr 23)
- Re: Best way to get foreign ISPs to shut down DDoS reflectors? TJ Trout (Apr 23)
- Re: Best way to get foreign ISPs to shut down DDoS reflectors? Bottiger (Apr 24)
- Re: Best way to get foreign ISPs to shut down DDoS reflectors? Siyuan Miao (Apr 23)