[178977] in North American Network Operators' Group
RE: Getting hit hard by CHINANET
daemon@ATHENA.MIT.EDU (Eric Rogers)
Wed Mar 18 17:15:01 2015
Date: Wed, 18 Mar 2015 08:32:22 -0400
From: "Eric Rogers" <ecrogers@precisionds.com>
To: <nanog@nanog.org>
We are using Mikrotik for a BGP blackhole server that collects BOGONs
from CYMRU and we also have our servers (web, email, etc.) use fail2ban
to add a bad IP to the Mikrotik. We then use BGP on all our core
routers to null route those IPs.
The ban-time is for a few days, and totally dynamic, so it isn't a
permanent ban. Seems to have cut down on the attempts considerably.
Eric Rogers
PDSConnect
www.pdsconnect.me
(317) 831-3000 x200
-----Original Message-----
From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of Roland Dobbins
Sent: Wednesday, March 18, 2015 6:04 AM
To: nanog@nanog.org
Subject: Re: Getting hit hard by CHINANET
On 18 Mar 2015, at 17:00, Roland Dobbins wrote:
> This is not an optimal approach, and most providers are unlikely to
> engage in such behavior due to its potential negative impact (I'm
> assuming you mean via S/RTBH and/or flowspec).
Here's one counterexample:
<https://ripe68.ripe.net/presentations/176-RIPE68_JSnijders_DDoS_Damage_Control.pdf>
-----------------------------------
Roland Dobbins <rdobbins@arbor.net>