[191642] in North American Network Operators' Group
Re: Krebs on Security booted off Akamai network after DDoS attack
daemon@ATHENA.MIT.EDU (Christopher Morrow)
Fri Sep 23 21:58:46 2016
X-Original-To: nanog@nanog.org
In-Reply-To: <Pine.LNX.4.61.1609232123160.26305@soloth.lewis.org>
From: Christopher Morrow <morrowc.lists@gmail.com>
Date: Fri, 23 Sep 2016 21:58:42 -0400
To: Jon Lewis <jlewis@lewis.org>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
On Fri, Sep 23, 2016 at 9:24 PM, Jon Lewis <jlewis@lewis.org> wrote:
> On Fri, 23 Sep 2016, Patrick W. Gilmore wrote:
>
>> Is CloudFlare able to filter Layer 7 these days? I was under the
>> impression CloudFlare was not able to do that.
>>
>> There have been a lot of rumors about this attack. Some say reflection,
>> others say Layer 7, others say .. other stuff. If it is Layer 7, how are
>> you going to "step in front of the cannon"? Would you just pass through
>> all the traffic?
>>
>
> Anycast + load balancers + high powered varnish?
>
>
notionally (because I have been paying zero attention to this) Jon's
suggesting:
1) setup a crapload of nginx/squid/etc configured tightly for things to
be accessed behind them
2) ecmp to them across several layers (assume 32 ecmp at each layer, call
it 4 layers get craploads of machines running)
3) change over the dns
4) profit--
eh? If you can eat the PPS, you can spray across enough tcp listeners, you
can weed out the chaff and start filtering in the 'application'... perhaps
also run a 'low bandwidth' version of the target site...
hey look, we invented prolexic.
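What one of those "tightly configured" nginx listeners from step 1 might look like, as an added example that is not from the thread or from any of the parties named in it: a per-IP request and connection budget, a short edge cache so a flood of identical requests is absorbed before the origin, an allow-list of the only paths the site actually serves, and a static "low bandwidth" copy of the site served when the origin stops answering. The hostname, origin address, file paths and rate numbers are placeholders chosen for illustration, not values from the page.

```nginx
# Added example: one edge listener of the kind the thread describes, meant to
# sit behind anycast + ECMP in front of the real site. All names, addresses,
# paths and limits below are assumptions for illustration.

# Per-client budgets keyed on the source address. A 10m zone holds roughly
# 160k IPv4 client states.
limit_req_zone  $binary_remote_addr zone=per_ip:10m rate=10r/s;
limit_conn_zone $binary_remote_addr zone=conn_per_ip:10m;

# Small local cache so repeated requests for the same page are answered at
# the edge rather than forwarded.
proxy_cache_path /var/cache/nginx/edge levels=1:2 keys_zone=edge:50m
                 max_size=1g inactive=10m use_temp_path=off;

upstream origin {
    server 203.0.113.10:443;   # assumed origin (documentation address range)
    keepalive 32;
}

server {
    listen 80  default_server reuseport;
    listen 443 ssl default_server reuseport;
    server_name example.com;                    # assumed hostname
    ssl_certificate     /etc/nginx/edge.crt;    # assumed paths
    ssl_certificate_key /etc/nginx/edge.key;

    # Weed out the chaff cheaply: unexpected methods, request bodies and slow
    # clients are refused here and never touch the origin.
    if ($request_method !~ "^(GET|HEAD)$") { return 405; }
    client_max_body_size  1k;
    client_body_timeout   5s;
    client_header_timeout 5s;
    keepalive_timeout     10s;

    limit_req  zone=per_ip burst=20 nodelay;
    limit_conn conn_per_ip 20;
    limit_req_status  429;
    limit_conn_status 429;

    # Only the handful of URL shapes the site really needs are proxied.
    location ~ "^/(|index\.html|posts/[0-9a-z-]+)$" {
        proxy_pass https://origin;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;

        proxy_cache edge;
        proxy_cache_valid 200 5m;
        proxy_cache_lock on;        # one origin fetch per key; others wait
        proxy_cache_use_stale error timeout updating
                              http_500 http_502 http_503 http_504;
        proxy_ignore_headers Cache-Control Expires;

        # If the origin is down or overloaded, hand the request to the
        # low-bandwidth copy instead of returning an error page.
        proxy_intercept_errors on;
        error_page 500 502 503 504 = @lowband;
    }

    # Assumed: a pre-rendered, text-only mirror of the site on local disk.
    location @lowband {
        root /var/www/lowband;
        try_files $uri /index.html =503;
    }

    # Everything else is answered locally with a one-line response.
    location / { return 404; }
}
```

One caveat when multiplying this across "a crapload" of machines behind ECMP: the per-IP zones are local to each nginx instance, so a client whose flows are hashed to many different listeners gets roughly N times the intended budget. Hashing ECMP on source address only (or otherwise pinning a client to a listener) keeps the limit meaningful; otherwise the numbers above should be divided by the expected fan-out.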