[192195] in North American Network Operators' Group
Re: Death of the Internet, Film at 11
daemon@ATHENA.MIT.EDU (Brandon Butterworth)
Sat Oct 22 11:04:48 2016
X-Original-To: nanog@nanog.org
Date: Sat, 22 Oct 2016 16:02:42 +0100 (BST)
From: Brandon Butterworth <brandon@rd.bbc.co.uk>
To: nanog@ics-il.net
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
> From nanog-bounces@nanog.org Sat Oct 22 15:51:34 2016
> If they are easy to trace, then it should be easy for you to
> tell me how to find them on my network.
Not sure if you're trolling now, apologies if what I wrote
wasn't clear.
If you did want to find them before they attack then you could
scan for them, the miscreants already did and easily found them.
For some attack vectors there are services that are doing it
for you, see the excellent
https://www.shadowserver.org/wiki/pmwiki.php/Involve/GetReportsOnYourNetwork
> The addresses being known to them doesn't help me at all clean
> up my network or help other networks clean up theirs.
Did you read my whole mail? The suggestion is people who get attacked
tell the ISPs of the devices doing the attacking
> It would be rather difficult for me (and I'm sure many other operators)
> to distinguish normal Dyn traffic from DDoS Dyn traffic.
I was not suggesting you try and guess, I was suggesting you be given
data from actual attacks.
brandon
