Re: Best way to get foreign ISPs to shut down DDoS reflectors?

[TJ Trout <tj () pcguys us>]

Bottiger,

If what you are saying is true and can be backed by documentation, I would
start at the abuse contact for the offending 'Amplifier' and then start
working your way up the transits of the offending AS# until someone cuts
them off.
The Squeaky wheel gets the grease!

On Thu, Apr 23, 2020 at 3:33 PM Bottiger <bottiger10 () gmail com> wrote:

> There are many decent options for ddos protection in the US and Europe,
> however there are very few in Brazil and Asia that support BGP. Servers and
> bandwidth in these areas are much more expensive.
>
> Even though we are already doing anycast to split up the ddos attack, a
> majority of the attack traffic is now ending up in these expensive areas,
> and to top it off, these ISPs won't respond to abuse emails.
>
> It makes me wonder what the point of these abuse email are and if the
> regional registries have any power to force them to reply.
>
> On Thu, Apr 23, 2020 at 3:12 PM Compton, Rich A <Rich.Compton () charter com>
> wrote:
>
> > Good luck with that.  😊  As Damian Menscher has presented at NANOG,
> > even if we do an amazing job and shut down 99% of all DDoS reflectors,
> > there will still be enough bandwidth to generate terabit size attacks.
> > https://stats.cybergreen.net
> >
> > I think we need to instead collectively focus on stopping the spoofed
> > traffic that allows these attacks to be generated in the first place.
> >
> > -Rich
> >
> >
> >
> > *From: *NANOG Email List <nanog-bounces () nanog org> on behalf of Bottiger
> > <bottiger10 () gmail com>
> > *Date: *Thursday, April 23, 2020 at 3:32 PM
> > *To: *Siyuan Miao <aveline () misaka io>
> > *Cc: *NANOG list <nanog () nanog org>
> > *Subject: *Re: Best way to get foreign ISPs to shut down DDoS reflectors?
> >
> >
> >
> > We are unable to upgrade our bandwidth in those areas. There are no
> > providers within our budget there at the moment. Surely there must be some
> > way to get them to respond.
> >
> >
> >
> > On Thu, Apr 23, 2020 at 2:23 PM Siyuan Miao <aveline () misaka io> wrote:
> >
> > It won't work.
> >
> >
> >
> > Get a good DDoS protection and forget about it.
> >
> >
> >
> > On Fri, Apr 24, 2020 at 5:17 AM Bottiger <bottiger10 () gmail com> wrote:
> >
> > Is there a guide on how to get foreign ISPs to shut down reflectors used
> > in DDoS attacks?
> >
> >
> >
> > I've tried sending emails listed under abuse contacts for their regional
> > registries. Either there is none listed, the email is full, email does not
> > exist, or they do not reply. Same results when sending to whatever other
> > email they have listed.
> >
> >
> >
> > Example Networks:
> >
> >
> >
> > CLARO S.A.
> >
> > Telefonica
> >
> > China Telecom
> >
> > Korea Telecom
> >
> > The contents of this e-mail message and
> > any attachments are intended solely for the
> > addressee(s) and may contain confidential
> > and/or legally privileged information. If you
> > are not the intended recipient of this message
> > or if this message has been addressed to you
> > in error, please immediately alert the sender
> > by reply e-mail and then delete this message
> > and any attachments. If you are not the
> > intended recipient, you are notified that
> > any use, dissemination, distribution, copying,
> > or storage of this message or any attachment
> > is strictly prohibited.