[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Getting hit hard by CHINANET
China network blocks work great, I wish did not have to use but they never respond to admin or abuse contacts either
> On 23 Mar 2015, at 13:06, Ray Soucy <rps at maine.edu> wrote:
> I did a test on my personal server of filtering every IP network assigned
> to China for a few months and over 90% of SSH attempts and other noise just
> went away. It was pretty remarkable.
> Working for a public university I can't block China outright, but there are
> times it has been tempting. :-)
> The majority of DDOS attacks I see are sourced from addresses in the US,
> though (likely spoofed). Just saw a pretty large one last week which was
> SSDP 1900 to UDP port 80, 50K+ unique host addresses involved.
> On Wed, Mar 18, 2015 at 8:32 AM, Eric Rogers <ecrogers at precisionds.com>
>> We are using Mikrotik for a BGP blackhole server that collects BOGONs
>> from CYMRU and we also have our servers (web, email, etc.) use fail2ban
>> to add a bad IP to the Mikrotik. We then use BGP on all our core
>> routers to null route those IPs.
>> The ban-time is for a few days, and totally dynamic, so it isn't a
>> permanent ban. Seems to have cut down on the attempts considerably.
>> Eric Rogers
>> (317) 831-3000 x200
>> -----Original Message-----
>> From: NANOG [mailto:nanog-bounces at nanog.org] On Behalf Of Roland Dobbins
>> Sent: Wednesday, March 18, 2015 6:04 AM
>> To: nanog at nanog.org
>> Subject: Re: Getting hit hard by CHINANET
>> On 18 Mar 2015, at 17:00, Roland Dobbins wrote:
>>> This is not an optimal approach, and most providers are unlikely to
>>> engage in such behavior due to its potential negative impact (I'm
>>> assuming you mean via S/RTBH and/or flowspec).
>> Here's one counterexample:
>> Roland Dobbins <rdobbins at arbor.net>
> Ray Patrick Soucy
> Network Engineer
> University of Maine System
> T: 207-561-3526
> F: 207-561-3531
> MaineREN, Maine's Research and Education Network