[182841] in North American Network Operators' Group
Re: GoDaddy : DoS :: Contact
daemon@ATHENA.MIT.EDU (Mel Beckman)
Sun Aug 2 20:56:07 2015
X-Original-To: nanog@nanog.org
From: Mel Beckman <mel@beckman.org>
To: Jason LeBlanc <jason.leblanc@infusionsoft.com>
Date: Mon, 3 Aug 2015 00:56:02 +0000
In-Reply-To: <D1E4002A.2F3A3%jason.leblanc@infusionsoft.com>
Cc: "<nanog@nanog.org>" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
Blackholing isn't what you want. That will still permit his source IP into =
your network, and only blackhole replies from your network, so the attack w=
ill still consume bandwidth. What you should request is a source IP ACL blo=
cking that address at your upstream' border.
BGP is no help in these situations, unless you use a BGP-based DDoS protect=
ion service.
-mel beckman
On Aug 2, 2015, at 5:17 PM, Jason LeBlanc <jason.leblanc@infusionsoft.com<m=
ailto:jason.leblanc@infusionsoft.com>> wrote:
Thanks Mel. You are not being difficult, I meant DoS. The network I inher=
ited doesn't have BGP yet so I have asked our upstream to blackhole it and =
I emailed abuse neither have happened yet. I do block it but that's after =
it hits our side.
//Jason
From: Mel Beckman <mel@beckman.org<mailto:mel@beckman.org>>
Date: Sunday, August 2, 2015 at 4:20 PM
To: Jason LeBlanc <jason.leblanc@infusionsoft.com<mailto:jason.leblanc@infu=
sionsoft.com>>
Cc: NANOG <nanog@nanog.org<mailto:nanog@nanog.org>>
Subject: Re: GoDaddy : DDoS :: Contact
Not to be difficult, but how can it be a DDoS attack if it's coming from a =
single IP? Normally you would just block this IP at your borders or ask you=
r upstreams to do so before it consumes your bandwidth. You still want to g=
et GoDaddy to address the problem, of course, but you should do that via th=
eir abuse@godaddy.com<mailto:abuse@godaddy.com> contact, or their abuse pag=
e at https://supportcenter.godaddy.com/AbuseReport/Index (submit via the "m=
alware" button).
-mel
On Aug 2, 2015, at 12:59 PM, Jason LeBlanc <jason.leblanc@infusionsoft.com<=
mailto:jason.leblanc@infusionsoft.com>> wrote:
My company is being DDoS'd by a single IP from a GoDaddy customer.
I havent had success with the abuse@godaddy.com<mailto:abuse@godaddy.com> e=
mail. Was hoping someone
that could help might be watching the list and could contact me off-list.
//Jason
