[169096] in North American Network Operators' Group
Re: ddos attack blog
daemon@ATHENA.MIT.EDU (Jared Mauch)
Thu Feb 13 12:17:37 2014
From: Jared Mauch <jared@puck.nether.net>
In-Reply-To: <CAD6AjGRHx2N0dfF2nESBcgWHUXqgv-o_pU2bJboaphNcoZJ0yA@mail.gmail.com>
Date: Thu, 13 Feb 2014 12:17:10 -0500
To: Cb B <cb.list6@gmail.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Feb 13, 2014, at 12:06 PM, Cb B <cb.list6@gmail.com> wrote:
> Good write up, includes name and shame for AT&T Wireless, IIJ, OVH,
> DTAG and others
>
> http://blog.cloudflare.com/technical-details-behind-a-400gbps-ntp-amplification-ddos-attack
>
> Standard plug for http://openntpproject.org/ and
> http://openresolverproject.org/ and bcp38, please fix/help.
>
> For those of you paying attention to the outage list, this is a pretty
> big deal that has had daily ramification for some very big networks
> https://puck.nether.net/pipermail/outages/2014-February/date.html
>
> In general, I think UDP is doomed to be blocked and rate limited --
> tragedy of the commons. But, it would be nice if folks would just fix
> the root of the issue so the rest of us don't have to go there...

While I'm behind some of the inventory projects (so you can go ahead and
fix.. let me know if you need/want the URLs to see data for your
networks)...

I must provide credit to those behind the "Amplification Hell" talk at
NDSS. If you are at all interested in what is going on, you should attend
or review the content.

http://www.internetsociety.org/ndss2014/programme

BCP-38 on your customers is going to be critical to prevent the abuse
reaching your network. Please ask your vendors for it, and ask for your
providers to filter your network to prevent you originating this abuse.

If you operate hosted VMs, servers, etc.. please make sure those netblocks
are secured as well.

You can easily check your network (as can the bad guys!) here:

http://spoofer.cmand.org/

- Jared