[192327] in North American Network Operators' Group


Re: Dyn DDoS this AM?

daemon@ATHENA.MIT.EDU (Mike Hammett)
Tue Oct 25 09:40:49 2016

X-Original-To: nanog@nanog.org
Date: Tue, 25 Oct 2016 06:51:10 -0500 (CDT)
From: Mike Hammett <nanog@ics-il.net>
Cc: NANOG list <nanog@nanog.org>
In-Reply-To: <CALoKGd3VyrdY6zcs0CEZ9Y5K0GnKEBR8wjj3dKkzaOEcx2bO6w@mail.gmail.com>
Errors-To: nanog-bounces@nanog.org

Side note: I asked Mikrotik and they accepted the feature request of changing their uRPF setting from being universal on the machine to being per-interface (as the kernel supports). That would make it easier for Mikrotik end-user-facing routers to block crap right at the edge, allowing for strict facing customer and loose elsewhere. They haven't implemented it yet, but they accepted the request. 




----- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 

Midwest-IX 
http://www.midwest-ix.com 

----- Original Message -----

From: "Alexander Lyamin" <la@qrator.net> 
To: "Ronald F. Guilmette" <rfg@tristatelogic.com> 
Cc: "NANOG list" <nanog@nanog.org> 
Sent: Tuesday, October 25, 2016 3:29:56 AM 
Subject: Re: Dyn DDoS this AM? 

Yeah, it sucked to be a Dyn customer that day. However, if you had a
backup DNS provider, it wasn't that bad.

You do realize that collateral effect scale is a property of a target and 
not attack? 

My point was that implementing MANRS, while it isn't covering all of the
spectrum of the attacks that made news this autumn, will make at least some
of them, if not impossible, then harder to execute.

And as I said - it's work in progress.

P.S. Jared Mauch's notes regarding uRPF underperformance are correct, but it
only shows how rarely it's actually used in real life. uRPF is more than
feasible in terms of algorithmic complexity, and this means that bugs can
be dealt with.



On Tue, Oct 25, 2016 at 7:30 AM, Ronald F. Guilmette <rfg@tristatelogic.com> 
wrote: 

> 
> In message <CALoKGd15haJXthiT31Y_wk=-5UGLSRbusHv4b8btQ5nXv5Dmuw@mail. 
> gmail.com>, 
> Alexander Lyamin <la@qrator.net> wrote: 
> 
> >It's not a first time we have a large scale DDoS incident.
> >It's not a first time we have (a kind of) knee-jerk reaction.
> 
> I could be wrong, but I think it's the first time I've turned
> on CNN and seen a "heat map" of the incident showing the entire 
> NorthEast / New England area, all the way down to Washington, 
> and parts of California all blanketed in red. 
> 
> So that part, at least, was, ya know, novel. 
> 
> 
> Regards, 
> rfg 
> 



-- 

Alexander Lyamin 

CEO | Qrator Labs <http://qrator.net/>

office: 8-800-3333-LAB (522) 

mob: +7-916-9086122 

skype: melanor9 

mailto: la@qrator.net 

