[177279] in North American Network Operators' Group
Re: DDOS solution recommendation
daemon@ATHENA.MIT.EDU (Patrick W. Gilmore)
Sun Jan 11 14:42:23 2015
X-Original-To: nanog@nanog.org
From: "Patrick W. Gilmore" <patrick@ianai.net>
In-Reply-To: <DB84CD39-F363-48BB-80B7-C819C6533856@gmail.com>
Date: Sun, 11 Jan 2015 14:42:13 -0500
To: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
I do love solutions which open larger attack surfaces than they are =
supposed to close. In the US, we call that "a cure worse than the =
disease".
Send packet from random bot with source of Google, Comcast, Akamai, etc. =
to Mr. Hammett's not-DNS / honeypot / whatever, and watch him close =
himself off from the world.
Voil=C3=A0! Denial of service accomplished without all the hassle of =
sending 100s of Gbps of traffic.
Best part is he was willing to explain this to 10,000+ of his =
not-so-closest friends, in a search-engine-indexed manner.
--=20
TTFN,
patrick
On Jan 11, 2015, at 14:34 , Phil Bedard <bedard.phil@gmail.com> wrote:
>=20
> Many attacks can use spoofed source IPs, so who are you really =
blocking? =20
>=20
> That's why BCP38 as mentioned many times already is a necessary tool =
in=20
> fighting the attacks overall. =20
>=20
> Phil=20
>=20
>=20
>=20
>=20
> On 1/11/15, 4:33 PM, "Mike Hammett" <nanog@ics-il.net> wrote:
>=20
>> I didn't necessarily think I was shattering minds with my ideas.=20
>>=20
>> I don't have the time to read a dozen presentations.=20
>>=20
>> Blackhole them and move on. I don't care whose feelings I hurt. This=20=
>> isn't kindergarten. Maybe "you" should have tried a little harder to =
not=20
>> get a virus in the first place. Quit clicking on male enhancement ads =
or=20
>> update your OS occasionally. I'm not going to spend a bunch of time =
and=20
>> money to make sure someone's bubble of bliss doesn't get popped. =
Swift,=20
>> effective, cheap. Besides, you're only cut off for 30 days. If in 30 =
days=20
>> you can prove yourself to be responsible, we can try this again. =
Well,=20
>> that or a sufficient support request.=20
>>=20
>> Besides, if enough people did hat, the list of blackholes wouldn't be=20=
>> huge as someone upstream already blocked them.=20
>>=20
>>=20
>>=20
>>=20
>> -----=20
>> Mike Hammett=20
>> Intelligent Computing Solutions=20
>> http://www.ics-il.com=20
>>=20
>>=20
>>=20
>> ----- Original Message -----
>>=20
>> From: "Roland Dobbins" <rdobbins@arbor.net>=20
>> To: nanog@nanog.org=20
>> Sent: Sunday, January 11, 2015 9:29:33 AM=20
>> Subject: Re: DDOS solution recommendation=20
>>=20
>>=20
>> On 11 Jan 2015, at 22:21, Mike Hammett wrote:=20
>>=20
>>> I'm not saying what you're doing is wrong, I'm saying whatever the=20=
>>> industry as a whole is doing obviously isn't working and perhaps a=20=
>>> different approach is required.=20
>>=20
>> You haven't recommended anything new, and you really need to do some=20=
>> reading in order to understand why it isn't as simple as you seem to=20=
>> think it is.=20
>>=20
>>> Security teams? My network has me, myself and I.=20
>>=20
>> And a relatively small network, too.=20
>>=20
>>> If for example ChinaNet's abuse department isn't doing anything =
about=20
>>> complains, eventually their whole network gets blocked a /32 at a=20
>>> time. *shrugs* Their loss.=20
>>=20
>> Again, it isn't that simple.=20
>>=20
>> -----------------------------------=20
>> Roland Dobbins <rdobbins@arbor.net>=20
>>=20
