Also, abusix is not completely accurate (and they've never responded to
my emails reporting problems). For example, any IPs from apnic and
nic.ad.jp return the registry's abuse address, which doesn't do anything.
Don't forget about all the providers with incorrect abuse contacts, or
On 11/09/2014 09:31 AM, Brian Rak wrote:
Some tips:
1) Verify the servers are still vulnerable. This is pretty straightforward,
and saves everyone
involved some time
For a DDOS, I'd be concerned that the provider would now think my activity was
malicious.
2) Your abuse emails should
On 11/8/14 6:33 PM, Roland Dobbins wrote:
this is incorrect and harmful, and should be removed:
iii. Consider dropping any DNS reply packets which are larger
than 512 Bytes – these are commonly found in DNS DoS Amplification attacks.
This *breaks the Internet*. Don't do it.
+1
On 9November2014Sunday, at 11:40, Doug Barton do...@dougbarton.us wrote:
On 11/8/14 6:33 PM, Roland Dobbins wrote:
this is incorrect and harmful, and should be removed:
iii. Consider dropping any DNS reply packets which are larger
than 512 Bytes – these are commonly found in DNS
On 11/9/2014 13:40, Doug Barton wrote:
On 11/8/14 6:33 PM, Roland Dobbins wrote:
this is incorrect and harmful, and should be removed:
iii. Consider dropping any DNS reply packets which are larger
than 512 Bytes – these are commonly found in DNS DoS Amplification
attacks.
This *breaks
On 10 Nov 2014, at 8:23, Larry Sheldon wrote:
The whole thing Really?
Breaking DNS for your customers pretty much breaks the Internet for them, yes.
---
Roland Dobbins rdobb...@arbor.net
Out of curiosity, have any of you had luck reporting the sources of attacks
to the admins of the origin ASNs?
Any failure or success stories you can share?
Macca
On Sat, Nov 8, 2014 at 6:20 PM, Paul Bennett paul.w.benn...@gmail.com
wrote:
On Sat, Nov 8, 2014 at 2:00 AM, Roland Dobbins
On 8 Nov 2014, at 17:09, McDonald Richards wrote:
Any failure or success stories you can share?
In my experience, it's generally the broadband access operators who will
sometimes respond, when contacted about reflection/amplification attacks
leveraging misconfigured, abusable CPE.
Hey,
We've been hit on/off with large scale amplification attacks over the last
few years.
We found looking up src ASN of the attack and reporting is not super
helpful, as many blocks come from sub allocations and you'll just get
redirected to someone else. This will just cause more overhead and
I can offer an indirect story, and not quite a reflection attack, but a
DDoS one.
We happen to have a host that had an IPMI board exposed to the net, that
got compromised, and became a vector for a DDoS attack. The target
reported the attack to at least some of the sources, including
On 11/07/2014 11:20 PM, Paul Bennett wrote:
On Sat, Nov 8, 2014 at 2:00 AM, Roland Dobbins rdobb...@arbor.net wrote:
On 8 Nov 2014, at 1:56, srn.na...@prgmr.com wrote:
But right now how should we be doing it?
http://www.team-cymru.org/Services/ip-to-asn.html
Once you get the ASN or at
On 11/08/2014 03:30 AM, Ruairi Carroll wrote:
Whois data *seems* to be a little more reliable, and there's an abuseEmail
script out there that
helps automate the abuse contact lookup ( http://abuseemail.sourceforge.net/
).
I believe this script is out of date and I would not use this
Do you know if third-parties such as SANS ISC or ShadowServer take lists of IPs?
Frank
-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of srn.na...@prgmr.com
Sent: Friday, November 07, 2014 12:57 PM
To: nanog@nanog.org
Subject: Reporting DDOS reflection attacks
such as SANS ISC or ShadowServer take lists of
IPs?
Frank
-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of srn.na...@prgmr.com
Sent: Friday, November 07, 2014 12:57 PM
To: nanog@nanog.org
Subject: Reporting DDOS reflection attacks
Like most small providers
On 9 Nov 2014, at 6:46, Yardiel D. Fuentes wrote:
http://bcop.nanog.org/index.php/BCOP_Drafts
There are some good general recommendations in this document (Word
format? Really?), but this is incorrect and harmful, and should be
removed:
iii. Consider dropping any DNS reply packets
Like most small providers, we occasionally get hit by DoS attacks. We got
hammered by an SSDP
reflection attack (udp port 1900) last week. We took a 27 second log and from
there extracted
about 160k unique IPs.
It is really difficult to find abuse emails for 160k IPs.
We know about abuse.net
On 8 Nov 2014, at 1:56, srn.na...@prgmr.com wrote:
But right now how should we be doing it?
http://www.team-cymru.org/Services/ip-to-asn.html
---
Roland Dobbins rdobb...@arbor.net
On Sat, Nov 8, 2014 at 2:00 AM, Roland Dobbins rdobb...@arbor.net wrote:
On 8 Nov 2014, at 1:56, srn.na...@prgmr.com wrote:
But right now how should we be doing it?
http://www.team-cymru.org/Services/ip-to-asn.html
Once you get the ASN or at least the domain name of the ISP providing