[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Best way to get foreign ISPs to shut down DDoS reflectors?



On Thu, Apr 23, 2020 at 3:14 PM Compton, Rich A <Rich.Compton at charter.com>
wrote:

> Good luck with that.  ð???  As Damian Menscher has presented at NANOG, even
> if we do an amazing job and shut down 99% of all DDoS reflectors, there
> will still be enough bandwidth to generate terabit size attacks.
> https://stats.cybergreen.net
>
> I think we need to instead collectively focus on stopping the spoofed
> traffic that allows these attacks to be generated in the first place.
>
> -Rich
>

The bcp38 religion has failed to deliver the promised land for 20 years.

1 spoofer is all you need to trigger all the reflectors.

I do bcp38, i encourage others to as well, but i do not plan on it
unclogging the pipes in my lifetime.

You will get more miles from ACL dropping and policing known bad traffic
(most of udp)

>
>
> *From: *NANOG Email List <nanog-bounces at nanog.org> on behalf of Bottiger <
> bottiger10 at gmail.com>
> *Date: *Thursday, April 23, 2020 at 3:32 PM
> *To: *Siyuan Miao <aveline at misaka.io>
>
> *Cc: *NANOG list <nanog at nanog.org>
> *Subject: *Re: Best way to get foreign ISPs to shut down DDoS reflectors?
>
>
>
> We are unable to upgrade our bandwidth in those areas. There are no
> providers within our budget there at the moment. Surely there must be some
> way to get them to respond.
>
>
>
> On Thu, Apr 23, 2020 at 2:23 PM Siyuan Miao <aveline at misaka.io> wrote:
>
> It won't work.
>
>
>
> Get a good DDoS protection and forget about it.
>
>
>
> On Fri, Apr 24, 2020 at 5:17 AM Bottiger <bottiger10 at gmail.com> wrote:
>
> Is there a guide on how to get foreign ISPs to shut down reflectors used
> in DDoS attacks?
>
>
>
> I've tried sending emails listed under abuse contacts for their regional
> registries. Either there is none listed, the email is full, email does not
> exist, or they do not reply. Same results when sending to whatever other
> email they have listed.
>
>
>
> Example Networks:
>
>
>
> CLARO S.A.
>
> Telefonica
>
> China Telecom
>
> Korea Telecom
>
> The contents of this e-mail message and
> any attachments are intended solely for the
> addressee(s) and may contain confidential
> and/or legally privileged information. If you
> are not the intended recipient of this message
> or if this message has been addressed to you
> in error, please immediately alert the sender
> by reply e-mail and then delete this message
> and any attachments. If you are not the
> intended recipient, you are notified that
> any use, dissemination, distribution, copying,
> or storage of this message or any attachment
> is strictly prohibited.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20200423/f66d1b7e/attachment.html>