On Thu, Apr 23, 2020 at 3:26 PM Ca By <[email protected]> wrote:

> On Thu, Apr 23, 2020 at 3:14 PM Compton, Rich A <[email protected]>
> wrote:
>
>> Good luck with that. 😊 As Damian Menscher has presented at NANOG,
>> even if we do an amazing job and shut down 99% of all DDoS reflectors,
>> there will still be enough bandwidth to generate terabit size attacks.
>> https://stats.cybergreen.net
>>
>> I think we need to instead collectively focus on stopping the spoofed
>> traffic that allows these attacks to be generated in the first place.
>>
>> -Rich
>>
>
> The bcp38 religion has failed to deliver the promised land for 20 years.
>

That's because it's been opt-in for thousands of ASNs.

> 1 spoofer is all you need to trigger all the reflectors.
>

A handful of transit providers is all you need to identify and filter all sources of spoofing.

> I do bcp38, i encourage others to as well, but i do not plan on it
> unclogging the pipes in my lifetime.
>
> You will get more miles from ACL dropping and policing known bad traffic
> (most of udp)
>

Do you have 10 Tbps of spare ingress capacity? If not, you should re-think your strategy (which may simply include a playbook for how to explain the outage to your customers).

Damian

>> *From: *NANOG Email List <[email protected]> on behalf of Bottiger <[email protected]>
>> *Date: *Thursday, April 23, 2020 at 3:32 PM
>> *To: *Siyuan Miao <[email protected]>
>> *Cc: *NANOG list <[email protected]>
>> *Subject: *Re: Best way to get foreign ISPs to shut down DDoS reflectors?
>>
>> We are unable to upgrade our bandwidth in those areas. There are no
>> providers within our budget there at the moment. Surely there must be some
>> way to get them to respond.
>>
>> On Thu, Apr 23, 2020 at 2:23 PM Siyuan Miao <[email protected]> wrote:
>>
>> It won't work.
>>
>> Get a good DDoS protection and forget about it.
>>
>> On Fri, Apr 24, 2020 at 5:17 AM Bottiger <[email protected]> wrote:
>>
>> Is there a guide on how to get foreign ISPs to shut down reflectors used
>> in DDoS attacks?
>>
>> I've tried sending emails listed under abuse contacts for their regional
>> registries. Either there is none listed, the email is full, email does not
>> exist, or they do not reply. Same results when sending to whatever other
>> email they have listed.
>>
>> Example Networks:
>>
>> CLARO S.A.
>>
>> Telefonica
>>
>> China Telecom
>>
>> Korea Telecom

