nanog mailing list archives

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

From: Ca By <cb.list6 () gmail com>
Date: Sun, 25 Sep 2016 10:41:12 -0700

On Sunday, September 25, 2016, John Levine <johnl () iecc com> wrote:

Yeh, bcp38 is not a viable solution.


Krebs said this DDoS came from insecure IoT devices, of which there
are a kazillion, with the numbers growing every day.  Why would they
need to spoof IPs?  How would BCP38 help?

R's,
John


Worth reading to level set

 https://www.internetsociety.org/sites/default/files/01_5.pdf

The attack is triggered by a few spoofs somewhere in the world. It is not
feasible to stop this.

The attack traffic that blows up to 600gbs is from traceable iot crap , the
victim knows who is sending the packers (iot crap) and the access network
(comcast, att ...) has the AUP authority to shut it down.

One by one.

Or automated.

Please see https://www.ietf.org/rfc/rfc6561.txt

Current thread:

Re: BCP38 deployment [ was Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey ], (continued)
- - - Re: BCP38 deployment [ was Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey ] Vincent Bernat (Sep 26)
    - Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Mark Milhollan (Sep 26)
    - Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Royce Williams (Sep 26)
    - Message not available
    - Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey John Kristoff (Sep 26)
    - Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Ca By (Sep 25)
    - Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Mike Hammett (Sep 25)
    - Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Jay R. Ashworth (Sep 25)
    - Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Ca By (Sep 25)
    - Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Mike Hammett (Sep 25)
    - Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey John Levine (Sep 25)
    - Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Ca By (Sep 25)
    - Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey John R. Levine (Sep 25)
    - Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Hugo Slabbert (Sep 25)
    - Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey John Levine (Sep 26)
    - Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Mark Andrews (Sep 26)
    - Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Livingood, Jason (Sep 26)
    - Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Mark Andrews (Sep 26)
    - Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Mark Andrews (Sep 26)
    - Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Christopher Morrow (Sep 26)
    - Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Mark Andrews (Sep 26)
    - Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Roland Dobbins (Sep 26)

(Thread continues...)