nanog mailing list archives
Re: DDOS solution recommendation
From: Pavel Odintsov <pavel.odintsov () gmail com>
Date: Sun, 11 Jan 2015 19:52:02 +0400
Hello! If you speaking about ISP "filtering" you should check your subnets and ASN here: https://radar.qrator.net I was really amazed amount of DDoS bots/amplificators in my network. On Sun, Jan 11, 2015 at 6:47 PM, Michael Hallgren <m.hallgren () free fr> wrote:
Le 11/01/2015 14:50, Patrick W. Gilmore a écrit :I agree with lots said here. But I've said for years (despite some people saying I am confused) that BCP38 is the single most important thing we can do to cut DDoS. No spoofed source means no amplification. It also stops things like Kaminsky DNS attacks. There is no silver bullet. Security is a series of steps ("layers" as one highly respected security professional has in his .sig). But the most important layer, the biggest bang for the buck we can do today, is eliminated spoofed source. Push on your providers. Stop paying for transit from networks that do not filter ingress, put it in your RFPs, and reward those who do with contracts. Make it economically advantageous to fix the problem, and people will.+1 mh
-- Sincerely yours, Pavel Odintsov
Current thread:
- Re: DDOS solution recommendation, (continued)
- Re: DDOS solution recommendation Sathya Varadharajan (Jan 10)
- Message not available
- Re: DDOS solution recommendation Hank Nussbacher (Jan 11)
- Re: DDOS solution recommendation Mike Hammett (Jan 11)
- Re: DDOS solution recommendation Roland Dobbins (Jan 11)
- Re: DDOS solution recommendation Mike Hammett (Jan 11)
- Re: DDOS solution recommendation Patrick W. Gilmore (Jan 11)
- Re: DDOS solution recommendation Roland Dobbins (Jan 11)
- Re: DDOS solution recommendation Mike Hammett (Jan 11)
- Re: DDOS solution recommendation Job Snijders (Jan 11)
- Re: DDOS solution recommendation Michael Hallgren (Jan 11)
- Re: DDOS solution recommendation Pavel Odintsov (Jan 11)
- Re: DDOS solution recommendation Roland Dobbins (Jan 11)
- Re: DDOS solution recommendation Michael Hallgren (Jan 11)
- Re: DDOS solution recommendation Roland Dobbins (Jan 11)
- Re: DDOS solution recommendation Mike Hammett (Jan 11)
- Re: DDOS solution recommendation Roland Dobbins (Jan 11)
- Re: DDOS solution recommendation Valdis . Kletnieks (Jan 11)
- Re: DDOS solution recommendation Roland Dobbins (Jan 11)
- Re: DDOS solution recommendation Mike Hammett (Jan 11)
- Re: DDOS solution recommendation Phil Bedard (Jan 11)
- Re: DDOS solution recommendation Patrick W. Gilmore (Jan 11)
- Re: DDOS solution recommendation Mike Hammett (Jan 11)