Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

[Ca By <cb.list6 () gmail com>]

On Sunday, September 25, 2016, Jay Farrell via NANOG <nanog () nanog org>
wrote:

> And of course Brian Krebs has a thing or two to say, not the least is which
> to push for BCP38 (good luck with that, right?).
>
> https://krebsonsecurity.com/2016/09/the-democratization-of-censorship/

Yeh, bcp38 is not a viable solution.

As long as their is one spoof capable network on the net, the problem will
not be solved. While bcp38 is a true bcp, it is not a solution. It will
not, and has not, moved the needle.

A solution is aggregating the telemetry of source IP addresses in the
botnet and assigning blame and liability to the owners of the IP addresses
/ host ASN.

The networks can then use AUP to shutdown the bot members.

As where http://openntpproject.org/ was a proactive approach, Kreb's data
can be reactive approach. And since the data is evidence of a crime, the
network operators can enforce the AUP. The attack did happen. This ip was
involved. Remediation is required.




> From there, the host ASN can

> On Sun, Sep 25, 2016 at 12:43 AM, Jay R. Ashworth <jra () baylink com
> <javascript:;>> wrote:
>
> > ----- Original Message -----
> > > From: "Jay Farrell via NANOG" <nanog () nanog org <javascript:;>>
> >
> > > And of course on windows ipconfig /flushdns
> > >
> > > Still I had to wait for my corporate caching servers to update; I think
> > the
> > > TTL on the old A record was an hour.
> >
> > Are big eyeball networks still flooring A record TTLs on resolution?
> >
> > Cheers,
> > -- jra
> > --
> > Jay R. Ashworth                  Baylink
> > jra () baylink com <javascript:;>
> > Designer                     The Things I Think                       RFC
> > 2100
> > Ashworth & Associates       http://www.bcp38.info          2000 Land
> > Rover DII
> > St Petersburg FL USA      BCP38: Ask For It By Name!           +1 727 647
> > 1274