[182879] in North American Network Operators' Group
Re: GoDaddy : DoS :: Contact
daemon@ATHENA.MIT.EDU (Jason LeBlanc)
Mon Aug 3 13:29:58 2015
X-Original-To: nanog@nanog.org
From: Jason LeBlanc <jason.leblanc@infusionsoft.com>
To: Mel Beckman <mel@beckman.org>
Date: Mon, 3 Aug 2015 17:29:53 +0000
In-Reply-To: <B2808195-0458-4A4A-9D07-94B72813743F@beckman.org>
Cc: "<nanog@nanog.org>" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
Thanks Mel.
The ISP got back to me and has asked me to build a Juniper block list ACL f=
or them so I am doing that now.
//Jason
From: Mel Beckman <mel@beckman.org<mailto:mel@beckman.org>>
Date: Sunday, August 2, 2015 at 5:56 PM
To: Jason LeBlanc <jason.leblanc@infusionsoft.com<mailto:jason.leblanc@infu=
sionsoft.com>>
Cc: NANOG <nanog@nanog.org<mailto:nanog@nanog.org>>
Subject: Re: GoDaddy : DoS :: Contact
Blackholing isn't what you want. That will still permit his source IP into =
your network, and only blackhole replies from your network, so the attack w=
ill still consume bandwidth. What you should request is a source IP ACL blo=
cking that address at your upstream' border.
BGP is no help in these situations, unless you use a BGP-based DDoS protect=
ion service.
-mel beckman
On Aug 2, 2015, at 5:17 PM, Jason LeBlanc <jason.leblanc@infusionsoft.com<m=
ailto:jason.leblanc@infusionsoft.com>> wrote:
Thanks Mel. You are not being difficult, I meant DoS. The network I inher=
ited doesn=92t have BGP yet so I have asked our upstream to blackhole it an=
d I emailed abuse neither have happened yet. I do block it but that=92s af=
ter it hits our side.
//Jason
From: Mel Beckman <mel@beckman.org<mailto:mel@beckman.org>>
Date: Sunday, August 2, 2015 at 4:20 PM
To: Jason LeBlanc <jason.leblanc@infusionsoft.com<mailto:jason.leblanc@infu=
sionsoft.com>>
Cc: NANOG <nanog@nanog.org<mailto:nanog@nanog.org>>
Subject: Re: GoDaddy : DDoS :: Contact
Not to be difficult, but how can it be a DDoS attack if it=92s coming from =
a single IP? Normally you would just block this IP at your borders or ask y=
our upstreams to do so before it consumes your bandwidth. You still want to=
get GoDaddy to address the problem, of course, but you should do that via =
their abuse@godaddy.com<mailto:abuse@godaddy.com> contact, or their abuse p=
age at https://supportcenter.godaddy.com/AbuseReport/Index (submit via the =
=93malware=94 button).
-mel
On Aug 2, 2015, at 12:59 PM, Jason LeBlanc <jason.leblanc@infusionsoft.com<=
mailto:jason.leblanc@infusionsoft.com>> wrote:
My company is being DDoS'd by a single IP from a GoDaddy customer.
I havent had success with the abuse@godaddy.com<mailto:abuse@godaddy.com> e=
mail. Was hoping someone
that could help might be watching the list and could contact me off-list.
//Jason
