[191674] in North American Network Operators' Group


Re: Krebs on Security booted off Akamai network after DDoS attack

daemon@ATHENA.MIT.EDU (Ca By)
Sun Sep 25 13:43:48 2016

X-Original-To: nanog@nanog.org
In-Reply-To: <20160925172609.10758.qmail@ary.lan>
From: Ca By <cb.list6@gmail.com>
Date: Sun, 25 Sep 2016 10:41:12 -0700
To: John Levine <johnl@iecc.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org

On Sunday, September 25, 2016, John Levine <johnl@iecc.com> wrote:

> >> Yeh, bcp38 is not a viable solution.
>
> Krebs said this DDoS came from insecure IoT devices, of which there
> are a kazillion, with the numbers growing every day.  Why would they
> need to spoof IPs?  How would BCP38 help?
>
> R's,
> John
>

Worth reading to level set

 https://www.internetsociety.org/sites/default/files/01_5.pdf

The attack is triggered by a few spoofs somewhere in the world. It is not
feasible to stop this.

The attack traffic that blows up to 600gbs is from traceable iot crap, the
victim knows who is sending the packets (iot crap) and the access network
(comcast, att ...) has the AUP authority to shut it down.

One by one.

Or automated.

Please see https://www.ietf.org/rfc/rfc6561.txt
