
Getting hit hard by CHINANET

We are using MikroTik for a BGP blackhole server that collects BOGONs
from CYMRU and we also have our servers (web, email, etc.) use fail2ban
to add a bad IP to the MikroTik.  We then use BGP on all our core
routers to null route those IPs.

The ban-time is for a few days, and totally dynamic, so it isn't a
permanent ban.  Seems to have cut down on the attempts considerably.

Eric Rogers
(317) 831-3000 x200

-----Original Message-----
From: NANOG [mailto:nanog-bounces at nanog.org] On Behalf Of Roland Dobbins
Sent: Wednesday, March 18, 2015 6:04 AM
To: nanog at nanog.org
Subject: Re: Getting hit hard by CHINANET

On 18 Mar 2015, at 17:00, Roland Dobbins wrote:

> This is not an optimal approach, and most providers are unlikely to 
> engage in such behavior due to its potential negative impact (I'm 
> assuming you mean via S/RTBH and/or flowspec).

Here's one counterexample:


Roland Dobbins <rdobbins at arbor.net>
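
The ban handling described in the first message above (fail2ban reports feeding a blackhole route server, with bans that lapse after a few days), sketched as an added example that is not part of the thread or either poster's configuration. The three-day ban time, the protected prefixes, and the names BanTable, report, sweep and replay are assumptions; the announce/withdraw tuples stand in for whatever actually pushes routes to the route server.

```python
import ipaddress

BAN_SECONDS = 3 * 24 * 3600  # assumed value: the message says only "a few days"
# Assumed never-blackhole list (constructed, documentation prefixes).
PROTECTED = [ipaddress.ip_network(p) for p in ("192.0.2.0/24", "2001:db8:ffff::/48")]


class BanTable:
    """Tracks host routes to blackhole and when each should be withdrawn."""

    def __init__(self, ban_seconds=BAN_SECONDS, protected=PROTECTED):
        self.ban_seconds = ban_seconds
        self.protected = list(protected)
        self.expiry = {}  # host network -> time at which the ban lapses

    def report(self, addr, now):
        """Handle one fail2ban ban event; return the route actions to apply."""
        try:
            ip = ipaddress.ip_address(addr.strip())
        except ValueError:
            return []  # malformed input never becomes a route
        if any(ip in net for net in self.protected):
            return []  # refuse to null-route our own or customer space
        host = ipaddress.ip_network(f"{ip}/{ip.max_prefixlen}")  # host route only
        is_new = host not in self.expiry
        self.expiry[host] = now + self.ban_seconds  # a repeat report extends the ban
        return [("announce", str(host))] if is_new else []

    def sweep(self, now):
        """Withdraw every route whose ban time has passed."""
        expired = sorted((h for h, t in self.expiry.items() if t <= now), key=str)
        for host in expired:
            del self.expiry[host]
        return [("withdraw", str(h)) for h in expired]


def replay(events, table):
    """Run (timestamp, address) events through the table, sweeping before each."""
    actions = []
    for now, addr in events:
        actions += table.sweep(now)
        actions += table.report(addr, now)
    return actions


# Constructed sample events: (seconds since start, reported address).
SAMPLE = [(0, "198.51.100.7"), (60, "192.0.2.25"), (3600, "198.51.100.7"),
          (7200, "not-an-ip"), (4 * 24 * 3600, "203.0.113.9")]

if __name__ == "__main__":
    for action in replay(SAMPLE, BanTable()):
        print(*action)
```

The protected-prefix check and the host-route-only rule are the two guards that keep a spoofed or mistaken report from blackholing more than one outside address.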