nanog mailing list archives
Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC
From: Damian Menscher via NANOG <nanog () nanog org>
Date: Mon, 27 Jan 2020 17:49:18 -0800
On Mon, Jan 27, 2020 at 5:43 PM Töma Gavrichenkov <ximaera () gmail com> wrote:
On Tue, Jan 28, 2020, 4:32 AM Damian Menscher <damian () google com> wrote:On Mon, Jan 27, 2020 at 5:10 PM Töma Gavrichenkov <ximaera () gmail com> wrote:If this endpoint doesn't connect to anything outside of their network, then yes. If it does though, the design of the filter might become more complicated.Not really... just requires sorting by volume. Turns out most legitimate hosts don't send high-volume syn packets. ;)This is a good *detection* technique, but you cannot filter by volume in transit if the set of destinations is large (and random) enough, and you don't have a time machine. Not sure if this is the case but might as well be.
They don't need to filter by destination. Once a problem customer has been identified, they can apply an ACL restricting them to only originate IPs they own. This was all covered in my talk at NANOG last year: https://pc.nanog.org/static/published/meetings//NANOG76/daily/day_2.html#talk_1976 As for the detection of the real source, everything is technically possible
but you need certain bargaining power which a medium-sized (at best) VPN service probably doesn't have.
True, but there are ways around that, including public shaming (here), or involving law enforcement. Damian
Current thread:
- Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC, (continued)
- Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC Octolus Development (Jan 27)
- Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC Dobbins, Roland (Jan 27)
- Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC Mike Hammett (Jan 27)
- Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC Ben Cannon (Jan 27)
- Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC Mike Hammett (Jan 27)
- Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC Damian Menscher via NANOG (Jan 27)
- Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC Töma Gavrichenkov (Jan 27)
- Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC Damian Menscher via NANOG (Jan 27)
- Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC Töma Gavrichenkov (Jan 27)
- Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC Töma Gavrichenkov (Jan 27)
- Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC Damian Menscher via NANOG (Jan 27)
- Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC Töma Gavrichenkov (Jan 27)
- Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC Jean | ddostest.me via NANOG (Jan 28)
- Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC Jared Mauch (Jan 27)
- Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC Töma Gavrichenkov (Jan 27)
- Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC Dobbins, Roland (Jan 27)
- Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC Dobbins, Roland (Jan 27)
- Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC Octolus Development (Jan 28)
- Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC Dobbins, Roland (Jan 28)
- Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC Tom Beecher (Jan 28)
- Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC Octolus Development (Jan 28)