China network blocks work great, I wish did not have to use but they never respond to admin or abuse contacts either
Colin > On 23 Mar 2015, at 13:06, Ray Soucy <[email protected]> wrote: > > I did a test on my personal server of filtering every IP network assigned > to China for a few months and over 90% of SSH attempts and other noise just > went away. It was pretty remarkable. > > Working for a public university I can't block China outright, but there are > times it has been tempting. :-) > > The majority of DDOS attacks I see are sourced from addresses in the US, > though (likely spoofed). Just saw a pretty large one last week which was > SSDP 1900 to UDP port 80, 50K+ unique host addresses involved. > > > On Wed, Mar 18, 2015 at 8:32 AM, Eric Rogers <[email protected]> > wrote: > >> We are using Mikrotik for a BGP blackhole server that collects BOGONs >> from CYMRU and we also have our servers (web, email, etc.) use fail2ban >> to add a bad IP to the Mikrotik. We then use BGP on all our core >> routers to null route those IPs. >> >> The ban-time is for a few days, and totally dynamic, so it isn't a >> permanent ban. Seems to have cut down on the attempts considerably. >> >> Eric Rogers >> PDSConnect >> www.pdsconnect.me >> (317) 831-3000 x200 >> >> >> -----Original Message----- >> From: NANOG [mailto:[email protected]] On Behalf Of Roland Dobbins >> Sent: Wednesday, March 18, 2015 6:04 AM >> To: [email protected] >> Subject: Re: Getting hit hard by CHINANET >> >> >> On 18 Mar 2015, at 17:00, Roland Dobbins wrote: >> >>> This is not an optimal approach, and most providers are unlikely to >>> engage in such behavior due to its potential negative impact (I'm >>> assuming you mean via S/RTBH and/or flowspec). >> >> Here's one counterexample: >> >> <https://ripe68.ripe.net/presentations/176-RIPE68_JSnijders_DDoS_Damage_ >> Control.pdf> >> >> ----------------------------------- >> Roland Dobbins <[email protected]> >> > > > > -- > Ray Patrick Soucy > Network Engineer > University of Maine System > > T: 207-561-3526 > F: 207-561-3531 > > MaineREN, Maine's Research and Education Network > www.maineren.net
