[172650] in North American Network Operators' Group
Re: Team Cymru / Spamhaus
daemon@ATHENA.MIT.EDU (Paul S.)
Fri Jun 27 22:26:14 2014
X-Original-To: nanog@nanog.org
Date: Sat, 28 Jun 2014 11:25:09 +0900
From: "Paul S." <contact@winterei.se>
To: nanog@nanog.org
In-Reply-To: <Pine.LNX.4.61.1406271629490.10544@soloth.lewis.org>
Errors-To: nanog-bounces@nanog.org
+1, blanket banning is probably not the best way to go.
On 6/28/2014 05:40 AM, Jon Lewis wrote:
> On Fri, 27 Jun 2014, Adam Greene wrote:
>
>> We're evaluating whether to add BGP feeds from these two sources in an
>> attempt to minimize exposure to DoS.
>>
>> The Team Cymru BOGON list (
>>
>> http://www.team-cymru.org/Services/Bogons/bogon-bn-nonagg.txt or
>>
>> http://www.team-cymru.org/Services/Bogons/bogon-bn-agg.txt
>
> These really won't do anything to stop DoS attacks. Common DDoS attack
> traffic these days comes via reflection from non-spoofed sources
> replying to a spoofed public IP target.
>
>> http://www.team-cymru.org/Services/Bogons/fullbogons-ipv4.txt
>
> Same here. Whether or not it's worth null routing unallocated IP space
> may be debatable, but again, it's not going to help protect you from a
> typical real DDoS.
>
>> We're a little more leery about trying Spamhaus's BGPf service (DROP,
>> EDROP and BCL,
>>
>> http://www.spamhaus.org/bgpf/
>
> This is more about stopping spam from entering your network and
> stopping compromised hosts on your network from becoming active in
> botnets (by cutting off their command and control).
>
> ----------------------------------------------------------------------
> Jon Lewis, MCP :) | I route
> | therefore you are
> _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
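
One way to put a number on the point made in the quoted reply before turning up a bogon feed: measure what share of inbound bytes actually has a bogon source address. This is an added example, not part of the original thread; the prefix list and the flow records are constructed samples (the addresses are arbitrary, not observations), and the function names are hypothetical.

```python
import ipaddress

# Constructed sample in a one-CIDR-per-line layout; not a copy of any
# published bogon feed.
SAMPLE_BOGONS = """\
# constructed sample
0.0.0.0/8
10.0.0.0/8
100.64.0.0/10
127.0.0.0/8
169.254.0.0/16
172.16.0.0/12
192.0.2.0/24
192.168.0.0/16
198.18.0.0/15
198.51.100.0/24
203.0.113.0/24
224.0.0.0/4
240.0.0.0/4
"""

# Constructed flow records: (source IP, UDP source port, bytes).
# The first three stand in for replies from reflectors (NTP, DNS, SSDP).
SAMPLE_FLOWS = [
    ("45.67.89.10", 123, 468000),
    ("81.2.69.142", 53, 390000),
    ("5.6.7.8", 1900, 120000),
    ("10.1.2.3", 40000, 2000),
    ("192.0.2.55", 53, 1500),
]

def parse_prefixes(text):
    """Parse one CIDR per line, ignoring blank lines and '#' comments."""
    nets = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            nets.append(ipaddress.ip_network(line))
    return nets

def bogon_coverage(flows, nets):
    """Return (bytes from bogon sources, total bytes, dropped share)."""
    dropped = total = 0
    for src, _port, nbytes in flows:
        addr = ipaddress.ip_address(src)
        total += nbytes
        if any(addr in net for net in nets):
            dropped += nbytes
    return dropped, total, (dropped / total if total else 0.0)

if __name__ == "__main__":
    d, t, share = bogon_coverage(SAMPLE_FLOWS, parse_prefixes(SAMPLE_BOGONS))
    print(f"{d} of {t} bytes ({share:.2%}) have a bogon source")
```

Run against real flow exports from an attack window, the same calculation shows how much of that traffic a bogon null route would have removed.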