nanog mailing list archives
Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey
From: Mike Hammett <nanog () ics-il net>
Date: Sun, 25 Sep 2016 09:50:54 -0500 (CDT)
I've heard people say doing BCP38 is hard for big networks and it is if you do it at your provider\peering edges. It's easier if done at the customer edge. Simply don't allow the traffic onto your network to start with.

Limit the spoofing attacks to just a single random ASN. How much smaller is the attack than it is now with hundreds or thousands of them?

-----
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com

Midwest-IX
http://www.midwest-ix.com

----- Original Message -----
From: "Ca By" <cb.list6 () gmail com>
To: "Jay Farrell" <jayfar () jayfar com>
Cc: "North American Network Operators' Group" <nanog () nanog org>
Sent: Sunday, September 25, 2016 9:36:18 AM
Subject: Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

On Sunday, September 25, 2016, Jay Farrell via NANOG <nanog () nanog org> wrote:
> And of course Brian Krebs has a thing or two to say, not the least of which is to push for BCP38 (good luck with that, right?).
>
> https://krebsonsecurity.com/2016/09/the-democratization-of-censorship/
Yeah, bcp38 is not a viable solution.

As long as there is one spoof capable network on the net, the problem will not be solved. While bcp38 is a true bcp, it is not a solution. It will not, and has not, moved the needle.

A solution is aggregating the telemetry of source IP addresses in the botnet and assigning blame and liability to the owners of the IP addresses / host ASN. The networks can then use AUP to shut down the bot members.

Whereas http://openntpproject.org/ was a proactive approach, Krebs's data can be a reactive approach. And since the data is evidence of a crime, the network operators can enforce the AUP.

The attack did happen. This ip was involved. Remediation is required.
From there, the host ASN can
On Sun, Sep 25, 2016 at 12:43 AM, Jay R. Ashworth <jra () baylink com> wrote:

----- Original Message -----
From: "Jay Farrell via NANOG" <nanog () nanog org>

And of course on windows ipconfig /flushdns

Still I had to wait for my corporate caching servers to update; I think the TTL on the old A record was an hour.

Are big eyeball networks still flooring A record TTLs on resolution?

Cheers,
-- jra

--
Jay R. Ashworth                  Baylink                       jra () baylink com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates       http://www.bcp38.info          2000 Land Rover DII
St Petersburg FL USA      BCP38: Ask For It By Name!           +1 727 647 1274
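
The per-ASN attribution proposed in the quoted reply above ("aggregating the telemetry of source IP addresses in the botnet" and assigning it to the host ASN), sketched as an added example that is not code from any poster in this thread. The prefix table, ASNs and log entries are constructed (documentation prefixes, private-use ASNs), and it assumes the logged sources are the bots' real, unspoofed addresses.

```python
import ipaddress
from collections import defaultdict

# Constructed prefix-to-origin-ASN table; a real one would be built
# from a BGP/RIB snapshot. Private-use ASNs, documentation prefixes.
PREFIX_TO_ASN = {
    "192.0.2.0/24": 64500,
    "198.51.100.0/24": 64501,
    "198.51.100.128/25": 64502,   # more-specific originated by another ASN
    "203.0.113.0/24": 64503,
}

# Constructed attack-log sample: (source IP, requests seen from it).
ATTACK_LOG = [
    ("192.0.2.10", 1200), ("192.0.2.77", 800),
    ("198.51.100.5", 300), ("198.51.100.200", 950),
    ("203.0.113.9", 40), ("192.0.2.10", 100),
    ("10.1.2.3", 5),              # no covering route: cannot be attributed
]

def origin_asn(ip, table=PREFIX_TO_ASN):
    """Longest-prefix match of ip against the table; None if uncovered."""
    addr = ipaddress.ip_address(ip)
    best = None
    for prefix, asn in table.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, asn)
    return best[1] if best else None

def report_by_asn(log):
    """Group attack sources per origin ASN, busiest ASN first."""
    per_asn = defaultdict(lambda: {"requests": 0, "sources": set()})
    for ip, hits in log:
        entry = per_asn[origin_asn(ip)]
        entry["requests"] += hits
        entry["sources"].add(ip)
    return sorted(per_asn.items(), key=lambda kv: -kv[1]["requests"])

if __name__ == "__main__":
    # One line per ASN: what an abuse notice to that network would list.
    for asn, e in report_by_asn(ATTACK_LOG):
        label = f"AS{asn}" if asn else "unattributed"
        print(label, e["requests"], sorted(e["sources"]))
```

Sources that match no prefix are kept in their own bucket rather than dropped, since a large unattributed share is itself a sign that the log contains spoofed or bogon addresses.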