[182859] in North American Network Operators' Group
Re: GoDaddy : DoS :: Contact
daemon@ATHENA.MIT.EDU (Alistair Mackenzie)
Mon Aug 3 09:20:14 2015
X-Original-To: nanog@nanog.org
In-Reply-To: <B2808195-0458-4A4A-9D07-94B72813743F@beckman.org>
Date: Mon, 3 Aug 2015 14:20:11 +0100
From: Alistair Mackenzie <magicsata@gmail.com>
To: Mel Beckman <mel@beckman.org>
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
Source based black holing would work in this case providing it was done at
GoDaddy's edge.
On 3 Aug 2015 01:58, "Mel Beckman" <mel@beckman.org> wrote:
> Blackholing isn't what you want. That will still permit his source IP into
> your network, and only blackhole replies from your network, so the attack
> will still consume bandwidth. What you should request is a source IP ACL
> blocking that address at your upstream' border.
>
> BGP is no help in these situations, unless you use a BGP-based DDoS
> protection service.
>
> -mel beckman
>
> On Aug 2, 2015, at 5:17 PM, Jason LeBlanc <jason.leblanc@infusionsoft.com
> <mailto:jason.leblanc@infusionsoft.com>> wrote:
>
> Thanks Mel. You are not being difficult, I meant DoS. The network I
> inherited doesn't have BGP yet so I have asked our upstream to blackhole it
> and I emailed abuse neither have happened yet. I do block it but that's
> after it hits our side.
>
> //Jason
>
> From: Mel Beckman <mel@beckman.org<mailto:mel@beckman.org>>
> Date: Sunday, August 2, 2015 at 4:20 PM
> To: Jason LeBlanc <jason.leblanc@infusionsoft.com<mailto:
> jason.leblanc@infusionsoft.com>>
> Cc: NANOG <nanog@nanog.org<mailto:nanog@nanog.org>>
> Subject: Re: GoDaddy : DDoS :: Contact
>
> Not to be difficult, but how can it be a DDoS attack if it's coming from a
> single IP? Normally you would just block this IP at your borders or ask
> your upstreams to do so before it consumes your bandwidth. You still want
> to get GoDaddy to address the problem, of course, but you should do that
> via their abuse@godaddy.com<mailto:abuse@godaddy.com> contact, or their
> abuse page at https://supportcenter.godaddy.com/AbuseReport/Index (submit
> via the "malware" button).
>
> -mel
>
> On Aug 2, 2015, at 12:59 PM, Jason LeBlanc <jason.leblanc@infusionsoft.com
> <mailto:jason.leblanc@infusionsoft.com>> wrote:
>
> My company is being DDoS'd by a single IP from a GoDaddy customer.
>
> I havent had success with the abuse@godaddy.com<mailto:abuse@godaddy.com>
> email. Was hoping someone
> that could help might be watching the list and could contact me off-list.
>
>
> //Jason
>
>
>
