nanog mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Getting hit hard by CHINANET

From: "Eric Rogers" <ecrogers () precisionds com>
Date: Wed, 18 Mar 2015 08:32:22 -0400
We are using Mikrotik for a BGP blackhole server that collects BOGONs
from CYMRU and we also have our servers (web, email, etc.) use fail2ban
to add a bad IP to the Mikrotik.  We then use BGP on all our core
routers to null route those IPs.

The ban-time is for a few days, and totally dynamic, so it isn't a
permanent ban.  Seems to have cut down on the attempts considerably.

Eric Rogers
PDSConnect
www.pdsconnect.me
(317) 831-3000 x200


-----Original Message-----
From: NANOG [mailto:nanog-bounces () nanog org] On Behalf Of Roland Dobbins
Sent: Wednesday, March 18, 2015 6:04 AM
To: nanog () nanog org
Subject: Re: Getting hit hard by CHINANET


On 18 Mar 2015, at 17:00, Roland Dobbins wrote:


This is not an optimal approach, and most providers are unlikely to 
engage in such behavior due to its potential negative impact (I'm 
assuming you mean via S/RTBH and/or flowspec).


Here's one counterexample:

<https://ripe68.ripe.net/presentations/176-RIPE68_JSnijders_DDoS_Damage_
Control.pdf>

-----------------------------------
Roland Dobbins <rdobbins () arbor net>
Previous By Date Next
Previous By Thread Next

Current thread: