[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Host.us DDOS attack -and- related conversations

Stopping one vector that makes up the largest of DDoSes certainly isn't a bad thing. 

Mike Hammett 
Intelligent Computing Solutions 


----- Original Message -----

From: "James Bensley" <jwbensley at gmail.com> 
To: nanog at nanog.org 
Sent: Wednesday, August 3, 2016 9:40:17 AM 
Subject: Re: Host.us DDOS attack -and- related conversations 

On 3 August 2016 at 15:16, Alain Hebert <ahebert at pubnix.net> wrote: 
> PS: 
> I will like to take this time to underline the lack of 
> participation from a vast majority of ISPs into BCP38 and the like. We 
> need to keep educating them at every occasion we have. 
> For those that actually implemented some sort of tech against 
> it, you are a beacon of hope in what is a ridiculous situation that has 
> been happening for more than 15 years. 

At the risk of starting a "NANOG war" [1], BCP isn't a magic wand. 

If I find a zero day in the nasty customised kernels that OVH run on 
their clients boxes, I only need 300 compromised hosts to send 300Gbps 
of traffic without spoofing the IP or using amplification attacks [2]. 

I can rent a server with a 10Gbps connection for 1 hour for a few 
quid/dollars. I could generate hundreds of Gbps of traffic for about 
?1000 from legitimate IPs, paid for with stolen card details. How will 
BCP save you then? Can everyone stop praising it like it was a some 
magic bullet? 


[1] A pathetic and futile one, so different from the rest. 

[2] Subsitute OVH for any half decent provider that isn't really oversubscribed.