[190930] in North American Network Operators' Group

Re: Host.us DDOS attack -and- related conversations

daemon@ATHENA.MIT.EDU (James Bensley)
Wed Aug 3 10:42:35 2016

X-Original-To: nanog@nanog.org
In-Reply-To: <056d8e33-e2f1-db9c-7148-095bd200f4e5@pubnix.net>
From: James Bensley <jwbensley@gmail.com>
Date: Wed, 3 Aug 2016 15:40:17 +0100
To: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org

On 3 August 2016 at 15:16, Alain Hebert <ahebert@pubnix.net> wrote:
>     PS:
>
>         I will like to take this time to underline the lack of
> participation from a vast majority of ISPs into BCP38 and the like.  We
> need to keep educating them at every occasion we have.
>
>         For those that actually implemented some sort of tech against
> it, you are a beacon of hope in what is a ridiculous situation that has
> been happening for more than 15 years.


At the risk of starting a "NANOG war" [1], BCP isn't a magic wand.

If I find a zero day in the nasty customised kernels that OVH run on
their clients' boxes, I only need 300 compromised hosts to send 300Gbps
of traffic without spoofing the IP or using amplification attacks [2].

I can rent a server with a 10Gbps connection for 1 hour for a few
quid/dollars. I could generate hundreds of Gbps of traffic for about
£1000 from legitimate IPs, paid for with stolen card details. How will
BCP save you then? Can everyone stop praising it like it was some
magic bullet?

James.


[1] A pathetic and futile one, so different from the rest.

[2] Substitute OVH for any half decent provider that isn't really oversubscribed.
