[177283] in North American Network Operators' Group
Re: DDOS solution recommendation
daemon@ATHENA.MIT.EDU (Mike Hammett)
Sun Jan 11 16:08:58 2015
X-Original-To: nanog@nanog.org
Date: Sun, 11 Jan 2015 15:08:45 -0600 (CST)
From: Mike Hammett <nanog@ics-il.net>
To: NANOG list <nanog@nanog.org>
In-Reply-To: <95FAA7BE-A61D-4F9A-8966-E13076AA93F4@ianai.net>
Errors-To: nanog-bounces@nanog.org
If that were to happen, it'd be for 30 days and it'd be whatever random residential account or APNIC address that was doing it. Not really a big loss.

-----
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com

----- Original Message -----
From: "Patrick W. Gilmore" <patrick@ianai.net>
To: "NANOG list" <nanog@nanog.org>
Sent: Sunday, January 11, 2015 1:42:13 PM
Subject: Re: DDOS solution recommendation

I do love solutions which open larger attack surfaces than they are supposed to close. In the US, we call that "a cure worse than the disease".

Send packet from random bot with source of Google, Comcast, Akamai, etc. to Mr. Hammett's not-DNS / honeypot / whatever, and watch him close himself off from the world.

Voilà! Denial of service accomplished without all the hassle of sending 100s of Gbps of traffic.

Best part is he was willing to explain this to 10,000+ of his not-so-closest friends, in a search-engine-indexed manner.

--
TTFN,
patrick

On Jan 11, 2015, at 14:34 , Phil Bedard <bedard.phil@gmail.com> wrote:
>
> Many attacks can use spoofed source IPs, so who are you really blocking?
>
> That's why BCP38 as mentioned many times already is a necessary tool in
> fighting the attacks overall.
>
> Phil
>
>
> On 1/11/15, 4:33 PM, "Mike Hammett" <nanog@ics-il.net> wrote:
>
>> I didn't necessarily think I was shattering minds with my ideas.
>>
>> I don't have the time to read a dozen presentations.
>>
>> Blackhole them and move on. I don't care whose feelings I hurt. This
>> isn't kindergarten. Maybe "you" should have tried a little harder to not
>> get a virus in the first place. Quit clicking on male enhancement ads or
>> update your OS occasionally. I'm not going to spend a bunch of time and
>> money to make sure someone's bubble of bliss doesn't get popped. Swift,
>> effective, cheap. Besides, you're only cut off for 30 days. If in 30 days
>> you can prove yourself to be responsible, we can try this again. Well,
>> that or a sufficient support request.
>>
>> Besides, if enough people did that, the list of blackholes wouldn't be
>> huge as someone upstream already blocked them.
>>
>>
>> -----
>> Mike Hammett
>> Intelligent Computing Solutions
>> http://www.ics-il.com
>>
>>
>> ----- Original Message -----
>>
>> From: "Roland Dobbins" <rdobbins@arbor.net>
>> To: nanog@nanog.org
>> Sent: Sunday, January 11, 2015 9:29:33 AM
>> Subject: Re: DDOS solution recommendation
>>
>>
>> On 11 Jan 2015, at 22:21, Mike Hammett wrote:
>>
>>> I'm not saying what you're doing is wrong, I'm saying whatever the
>>> industry as a whole is doing obviously isn't working and perhaps a
>>> different approach is required.
>>
>> You haven't recommended anything new, and you really need to do some
>> reading in order to understand why it isn't as simple as you seem to
>> think it is.
>>
>>> Security teams? My network has me, myself and I.
>>
>> And a relatively small network, too.
>>
>>> If for example ChinaNet's abuse department isn't doing anything about
>>> complaints, eventually their whole network gets blocked a /32 at a
>>> time. *shrugs* Their loss.
>>
>> Again, it isn't that simple.
>>
>> -----------------------------------
>> Roland Dobbins <rdobbins@arbor.net>
>>
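
Added example, not part of the thread or any poster's own code: the failure mode Patrick W. Gilmore describes, where a honeypot that blackholes every source it sees can be steered by spoofed packets, shown beside a guarded version. The handshake flag, the protected-prefix list and the documentation-range addresses are assumptions constructed for illustration; the 30-day expiry is the figure from the thread.

```python
import ipaddress
from datetime import datetime, timedelta

BLOCK_TTL = timedelta(days=30)  # the 30-day block length mentioned in the thread

# Constructed sample: honeypot hits as (source, protocol, handshake_completed).
# Addresses are documentation prefixes standing in for real networks.
HITS = [
    ("198.51.100.7", "udp", False),  # single UDP datagram: source is unverifiable
    ("203.0.113.9", "tcp", True),    # completed 3-way handshake: source answered
    ("192.0.2.53", "udp", False),    # claimed source inside a network we depend on
    ("192.0.2.80", "tcp", True),     # verified, but still a network we depend on
]

# Assumption: prefixes the operator must never cut off (upstreams, resolvers, CDNs).
NEVER_BLOCK = [ipaddress.ip_network("192.0.2.0/24")]


def naive_blackholes(hits):
    """Block every source seen, as in the policy being criticised."""
    return {src for src, _proto, _verified in hits}


def guarded_blackholes(hits, never_block, now):
    """Block only handshake-verified sources outside protected prefixes.

    Returns {source: expiry} so that entries age out after BLOCK_TTL.
    """
    blocks = {}
    for src, _proto, verified in hits:
        addr = ipaddress.ip_address(src)
        if not verified:
            continue  # an unverified packet must not be able to pick who gets blocked
        if any(addr in net for net in never_block):
            continue  # flag for a human instead of null-routing a dependency
        blocks[src] = now + BLOCK_TTL
    return blocks


if __name__ == "__main__":
    now = datetime(2015, 1, 11)
    print("naive:  ", sorted(naive_blackholes(HITS)))
    print("guarded:", guarded_blackholes(HITS, NEVER_BLOCK, now))
```

The naive policy ends up blocking the protected prefix on the strength of one unverifiable datagram; the guarded policy blocks only the one source that both completed a handshake and lies outside the protected list.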