nanog mailing list archives
Re: DDOS solution recommendation
From: Mike Hammett <nanog () ics-il net>
Date: Sun, 11 Jan 2015 09:21:13 -0600 (CST)
To quote a presentation I heard at a conference regarding small routers, "Buy bigger rooters, bitches." (Yes, I know it isn't that simple, but most of the audience at that conference had purchasing authority.) Not all networks are doing what they're supposed to be (I'm on that list), but if no one ever does anything because not everyone else is, then nothing ever gets done. I'm not saying what you're doing is wrong, I'm saying whatever the industry as a whole is doing obviously isn't working and perhaps a different approach is required. Security teams? My network has me, myself and I. If for example ChinaNet's abuse department isn't doing anything about complains, eventually their whole network gets blocked a /32 at a time. *shrugs* Their loss. ----- Mike Hammett Intelligent Computing Solutions http://www.ics-il.com ----- Original Message ----- From: "Roland Dobbins" <rdobbins () arbor net> To: nanog () nanog org Sent: Sunday, January 11, 2015 7:51:59 AM Subject: Re: DDOS solution recommendation On 11 Jan 2015, at 20:46, Mike Hammett wrote:
Enough people blackhole the attacking IPs, those IPs are eventually going to have a very limited view of the Internet.
TCAMs have limits. Not all networks practice anti-spoofing. Not all networks have any visibility whatsoever into their network traffic. Not all networks have security teams. Again, it would probably be advisable to do some reading before you start telling those of us who've been working on this set of problems for the last couple of decades that it's simple, and that we don't know what we're doing. ----------------------------------- Roland Dobbins <rdobbins () arbor net>
Current thread:
- Re: DDOS solution recommendation, (continued)
- Re: DDOS solution recommendation Roland Dobbins (Jan 11)
- Re: DDOS solution recommendation Mike Hammett (Jan 11)
- Re: DDOS solution recommendation Patrick W. Gilmore (Jan 11)
- Re: DDOS solution recommendation Roland Dobbins (Jan 11)
- Re: DDOS solution recommendation Mike Hammett (Jan 11)
- Re: DDOS solution recommendation Job Snijders (Jan 11)
- Re: DDOS solution recommendation Michael Hallgren (Jan 11)
- Re: DDOS solution recommendation Pavel Odintsov (Jan 11)
- Re: DDOS solution recommendation Roland Dobbins (Jan 11)
- Re: DDOS solution recommendation Michael Hallgren (Jan 11)
- Re: DDOS solution recommendation Roland Dobbins (Jan 11)
- Re: DDOS solution recommendation Mike Hammett (Jan 11)
- Re: DDOS solution recommendation Roland Dobbins (Jan 11)
- Re: DDOS solution recommendation Valdis . Kletnieks (Jan 11)
- Re: DDOS solution recommendation Roland Dobbins (Jan 11)
- Re: DDOS solution recommendation Mike Hammett (Jan 11)
- Re: DDOS solution recommendation Phil Bedard (Jan 11)
- Re: DDOS solution recommendation Patrick W. Gilmore (Jan 11)
- Re: DDOS solution recommendation Mike Hammett (Jan 11)
- Re: DDOS solution recommendation Patrick W. Gilmore (Jan 11)
- Re: DDOS solution recommendation Mike Hammett (Jan 11)
- Re: DDOS solution recommendation Damian Menscher (Jan 11)