nanog mailing list archives
Re: TWC (AS11351) blocking all NTP?
From: Laszlo Hanyecz <laszlo () heliacal net>
Date: Tue, 4 Feb 2014 19:01:51 +0000
I was joking, I meant that the operator provides an API for attackers, so they can accomplish their goal of taking the customer offline, without having to spoof or flood or whatever else. Automatically installing ACLs in response to observed flows accomplishes almost the same thing. As a concrete example, say a customer is running a game server that utilizes UDP port 12345. An attacker sends a large flow to customer:12345 and your switches and routers all start filtering anything with destination customer:12345, for say 2 hours. Then the attacker can just repeat in 2 hours and send only a few seconds worth of flooding each time. On Feb 4, 2014, at 6:52 PM, William Herrin <bill () herrin us> wrote:
On Tue, Feb 4, 2014 at 1:45 PM, Laszlo Hanyecz <laszlo () heliacal net> wrote:Why not just provide a public API that lets users specify which of your customers they want to null route?They're spoofed packets. There's no way for anyone outside your AS to know which of your customers the packets came from. It's not particularly easy to trace inside your AS either. Regards, Bill Herrin -- William D. Herrin ................ herrin () dirtside com bill () herrin us 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/> Falls Church, VA 22042-3004
Current thread:
- Re: TWC (AS11351) blocking all NTP?, (continued)
- Re: TWC (AS11351) blocking all NTP? Peter Phaal (Feb 03)
- Re: TWC (AS11351) blocking all NTP? Christopher Morrow (Feb 03)
- Re: TWC (AS11351) blocking all NTP? Glen Turner (Feb 03)
- Re: TWC (AS11351) blocking all NTP? Christopher Morrow (Feb 03)
- Re: TWC (AS11351) blocking all NTP? Jay Ashworth (Feb 03)
- Re: TWC (AS11351) blocking all NTP? Peter Phaal (Feb 03)
- Re: TWC (AS11351) blocking all NTP? Christopher Morrow (Feb 03)
- Re: TWC (AS11351) blocking all NTP? Laszlo Hanyecz (Feb 04)
- Re: TWC (AS11351) blocking all NTP? William Herrin (Feb 04)
- Re: TWC (AS11351) blocking all NTP? Christopher Morrow (Feb 04)
- Re: TWC (AS11351) blocking all NTP? Laszlo Hanyecz (Feb 04)
- Re: TWC (AS11351) blocking all NTP? William Herrin (Feb 04)
- Re: TWC (AS11351) blocking all NTP? Dobbins, Roland (Feb 03)
- Re: TWC (AS11351) blocking all NTP? Stephane Bortzmeyer (Feb 03)
- BCP38 [Was: Re: TWC (AS11351) blocking all NTP?] Paul Ferguson (Feb 03)
- Re: BCP38 [Was: Re: TWC (AS11351) blocking all NTP?] Cb B (Feb 03)
- Re: BCP38 [Was: Re: TWC (AS11351) blocking all NTP?] Jay Ashworth (Feb 03)
- Re: BCP38 [Was: Re: TWC (AS11351) blocking all NTP?] jamie rishaw (Feb 06)
- Re: TWC (AS11351) blocking all NTP? William Herrin (Feb 04)
- Re: TWC (AS11351) blocking all NTP? Jared Mauch (Feb 04)
- Re: TWC (AS11351) blocking all NTP? William Herrin (Feb 04)