nanog mailing list archives
Re: TWC (AS11351) blocking all NTP?
From: Damian Menscher <damian () google com>
Date: Tue, 4 Feb 2014 11:54:52 -0800
On Tue, Feb 4, 2014 at 11:08 AM, Doug Barton <dougb () dougbarton us> wrote:
The answer is lawsuits. People who are damaged by DDOS need to file suit against the networks that allowed the spoofed packets. Once it becomes more expensive to allow the spoofing (due to both damages and legal bills) than it is to prevent it, people will work harder to prevent it.
+1 for this. While lawsuits rarely improve a situation, I agree it's probably the only way to shift costs back to the bad networks. But then the problem shifts to one of detection and tracing. The bad networks can only be identified if the transit providers have netflow. When I ask transit providers to trace spoofed packets they either don't respond or claim their netflow was temporarily broken. It's not just transit providers, though -- many spoofed attacks come through IXPs. To help, the IXPs need to provide sflow that shows which peers traffic is coming from. I've seen some basic functionality at AMS-IX for this, but unfortunately it's just rrd graphs, not full data. Still, they're better than most. And then the IXPs need to have a policy forbidding spoofed packets. Damian
Current thread:
- Re: BCP38 is hard, was TWC (AS11351) blocking all NTP?, (continued)
- Re: BCP38 is hard, was TWC (AS11351) blocking all NTP? William Herrin (Feb 04)
- Re: BCP38 is hard, was TWC (AS11351) blocking all NTP? John Levine (Feb 04)
- Re: BCP38 is hard, was TWC (AS11351) blocking all NTP? Mark Andrews (Feb 04)
- Re: BCP38 is hard, was TWC (AS11351) blocking all NTP? Randy Bush (Feb 04)
- Re: BCP38 is hard, was TWC (AS11351) blocking all NTP? Jay Ashworth (Feb 04)
- Re: BCP38 is hard, was TWC (AS11351) blocking all NTP? Saku Ytti (Feb 05)
- Re: BCP38 is hard, was TWC (AS11351) blocking all NTP? Jared Mauch (Feb 05)
- Re: BCP38 is hard, was TWC (AS11351) blocking all NTP? Saku Ytti (Feb 05)
- Re: BCP38 is hard, was TWC (AS11351) blocking all NTP? Octavio Alvarez (Feb 04)
- Re: BCP38 is hard, was TWC (AS11351) blocking all NTP? Mark Andrews (Feb 04)
- Re: TWC (AS11351) blocking all NTP? Damian Menscher (Feb 04)
- Re: TWC (AS11351) blocking all NTP? John R. Levine (Feb 03)
- Re: TWC (AS11351) blocking all NTP? Jared Mauch (Feb 03)
- Re: TWC (AS11351) blocking all NTP? John R. Levine (Feb 03)
- Re: TWC (AS11351) blocking all NTP? Joe Greco (Feb 03)
- Re: TWC (AS11351) blocking all NTP? Valdis . Kletnieks (Feb 03)
- Re: TWC (AS11351) blocking all NTP? Doug Barton (Feb 03)
- Re: TWC (AS11351) blocking all NTP? Majdi S. Abbas (Feb 03)
- Re: TWC (AS11351) blocking all NTP? Doug Barton (Feb 03)
- Re: TWC (AS11351) blocking all NTP? Blake Dunlap (Feb 04)