nanog mailing list archives
Re: ddos attack blog
From: Jared Mauch <jared () puck nether net>
Date: Thu, 13 Feb 2014 12:17:10 -0500
On Feb 13, 2014, at 12:06 PM, Cb B <cb.list6 () gmail com> wrote:
> Good write up, includes name and shame for AT&T Wireless, IIJ, OVH, DTAG and others
>
> http://blog.cloudflare.com/technical-details-behind-a-400gbps-ntp-amplification-ddos-attack
>
> Standard plug for http://openntpproject.org/ and http://openresolverproject.org/ and bcp38, please fix/help.
>
> For those of you paying attention to the outage list, this is a pretty big deal that has had daily ramification for some very big networks
>
> https://puck.nether.net/pipermail/outages/2014-February/date.html
>
> In general, I think UDP is doomed to be blocked and rate limited -- tragedy of the commons. But, it would be nice if folks would just fix the root of the issue so the rest of us don't have to go there...

While I'm behind some of the inventory projects (so you can go ahead and fix.. let me know if you need/want the URLs to see data for your networks)...

I must provide credit to those behind the "Amplification Hell" talk at NDSS. If you are at all interested in what is going on, you should attend or review the content.

http://www.internetsociety.org/ndss2014/programme

BCP-38 on your customers is going to be critical to prevent the abuse reaching your network. Please ask your vendors for it, and ask for your providers to filter your network to prevent you originating this abuse.

If you operate hosted VMs, servers, etc.. please make sure those netblocks are secured as well.

You can easily check your network (as can the bad guys!) here:

http://spoofer.cmand.org/

- Jared