[190937] in North American Network Operators' Group
Re: Host.us DDOS attack -and- related conversations
daemon@ATHENA.MIT.EDU (Mike Hammett)
Wed Aug 3 11:20:08 2016
X-Original-To: nanog@nanog.org
Date: Wed, 3 Aug 2016 10:11:02 -0500 (CDT)
From: Mike Hammett <nanog@ics-il.net>
To: James Bensley <jwbensley@gmail.com>
In-Reply-To: <CAAWx_pVzhOWN9hBKcvVZfKvSmgcmPPOm6U86D4wjia_agr0fFA@mail.gmail.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
Stopping one vector that makes up the largest of DDoSes certainly isn't a bad thing.
-----
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com
Midwest-IX
http://www.midwest-ix.com
----- Original Message -----
From: "James Bensley" <jwbensley@gmail.com>
To: nanog@nanog.org
Sent: Wednesday, August 3, 2016 9:40:17 AM
Subject: Re: Host.us DDOS attack -and- related conversations
On 3 August 2016 at 15:16, Alain Hebert <ahebert@pubnix.net> wrote:
> PS:
>
> I will like to take this time to underline the lack of
> participation from a vast majority of ISPs into BCP38 and the like. We
> need to keep educating them at every occasion we have.
>
> For those that actually implemented some sort of tech against
> it, you are a beacon of hope in what is a ridiculous situation that has
> been happening for more than 15 years.
At the risk of starting a "NANOG war" [1], BCP isn't a magic wand.
If I find a zero day in the nasty customised kernels that OVH run on
their clients' boxes, I only need 300 compromised hosts to send 300Gbps
of traffic without spoofing the IP or using amplification attacks [2].
I can rent a server with a 10Gbps connection for 1 hour for a few
quid/dollars. I could generate hundreds of Gbps of traffic for about
£1000 from legitimate IPs, paid for with stolen card details. How will
BCP save you then? Can everyone stop praising it like it was some
magic bullet?
James.
[1] A pathetic and futile one, so different from the rest.
[2] Substitute OVH for any half decent provider that isn't really oversubscribed.