nanog mailing list archives
Re: Death of the Internet, Film at 11
From: Mike Hammett <nanog () ics-il net>
Date: Sat, 22 Oct 2016 10:08:48 -0500 (CDT)
Not trolling in the least. I'm genuinely trying my best to help the greater community. Agreed on ShadowServer. I get their reports and I recommend others do the same. Oh, okay, I responded to someone that said: ===== Every network operator who can do so, please raise your hand if you have *recently* scanned you own network and if you can -honestly- attest that you have taken all necessary steps to insure that none of the numerous specific types of CCVT thingies that Krebs and others identified weeks or months ago as being fundamentally insecure can emit a single packet out onto the public Internet. ===== That's the direction I was heading. How can I as a network operator seek out and eliminate the sources of these attacks? ----- Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest-IX http://www.midwest-ix.com ----- Original Message ----- From: "Brandon Butterworth" <brandon () rd bbc co uk> To: nanog () ics-il net Cc: nanog () nanog org Sent: Saturday, October 22, 2016 10:02:42 AM Subject: Re: Death of the Internet, Film at 11
From nanog-bounces () nanog org Sat Oct 22 15:51:34 2016 If they are easy to trace, then it should be easy for you to tell me how to find them on my network.
Not sure if you're trolling now, apologies if what I wrote wasn't clear. If you did want to find them before they attack then you could scan for them, the miscreants already did and easily found them. For some attack vectors there are services that are doing it for you, see the excellent https://www.shadowserver.org/wiki/pmwiki.php/Involve/GetReportsOnYourNetwork
The addresses being known to them doesn't help me at all clean up my network or help other networks clean up theirs.
Did you read my whole mail? The suggestion is people who get attacked tell the ISPs of the devices doing the attacking
It would be rather difficult for me (and I'm sure many other operators) to distinguish normal Dyn traffic from DDoS Dyn traffic.
I was not suggesting you try and guess, I was suggesting you be given data from actual attacks. brandon
Current thread:
- Re: Death of the Internet, Film at 11, (continued)
- Re: Death of the Internet, Film at 11 Chris Boyd (Oct 25)
- Re: Death of the Internet, Film at 11 Rich Kulawiec (Oct 25)
- Message not available
- Re: Death of the Internet, Film at 11 Larry Sheldon (Oct 25)
- Re: Death of the Internet, Film at 11 Valdis . Kletnieks (Oct 25)
- Re: Death of the Internet, Film at 11 Brandon Butterworth (Oct 22)
- Re: Death of the Internet, Film at 11 Mike Hammett (Oct 22)
- Re: Death of the Internet, Film at 11 Rich Kulawiec (Oct 22)
- Re: Death of the Internet, Film at 11 Brandon Butterworth (Oct 22)
- Re: Death of the Internet, Film at 11 Mike Hammett (Oct 22)
- Re: Death of the Internet, Film at 11 Brandon Butterworth (Oct 22)
- Re: Death of the Internet, Film at 11 Mike Hammett (Oct 22)
- Re: Death of the Internet, Film at 11 David Conrad (Oct 22)
- Re: Death of the Internet, Film at 11 Florian Weimer (Oct 23)
- Re: Death of the Internet, Film at 11 Mike Hammett (Oct 22)
- Re: FW: Death of the Internet, Film at 11 Jean-Francois Mezei (Oct 22)
- Re: FW: Death of the Internet, Film at 11 Ronald F. Guilmette (Oct 23)
- RE: Death of the Internet, Film at 11 Josh Reynolds (Oct 22)
- Re: Death of the Internet, Film at 11 Florian Weimer (Oct 23)