Source based black holing would work in this case providing it was done at GoDaddy's edge. On 3 Aug 2015 01:58, "Mel Beckman" <m...@beckman.org> wrote:
> Blackholing isn't what you want. That will still permit his source IP into > your network, and only blackhole replies from your network, so the attack > will still consume bandwidth. What you should request is a source IP ACL > blocking that address at your upstream' border. > > BGP is no help in these situations, unless you use a BGP-based DDoS > protection service. > > -mel beckman > > On Aug 2, 2015, at 5:17 PM, Jason LeBlanc <jason.lebl...@infusionsoft.com > <mailto:jason.lebl...@infusionsoft.com>> wrote: > > Thanks Mel. You are not being difficult, I meant DoS. The network I > inherited doesn't have BGP yet so I have asked our upstream to blackhole it > and I emailed abuse neither have happened yet. I do block it but that's > after it hits our side. > > //Jason > > From: Mel Beckman <m...@beckman.org<mailto:m...@beckman.org>> > Date: Sunday, August 2, 2015 at 4:20 PM > To: Jason LeBlanc <jason.lebl...@infusionsoft.com<mailto: > jason.lebl...@infusionsoft.com>> > Cc: NANOG <nanog@nanog.org<mailto:nanog@nanog.org>> > Subject: Re: GoDaddy : DDoS :: Contact > > Not to be difficult, but how can it be a DDoS attack if it's coming from a > single IP? Normally you would just block this IP at your borders or ask > your upstreams to do so before it consumes your bandwidth. You still want > to get GoDaddy to address the problem, of course, but you should do that > via their ab...@godaddy.com<mailto:ab...@godaddy.com> contact, or their > abuse page at https://supportcenter.godaddy.com/AbuseReport/Index (submit > via the "malware" button). > > -mel > > On Aug 2, 2015, at 12:59 PM, Jason LeBlanc <jason.lebl...@infusionsoft.com > <mailto:jason.lebl...@infusionsoft.com>> wrote: > > My company is being DDoS'd by a single IP from a GoDaddy customer. > > I havent had success with the ab...@godaddy.com<mailto:ab...@godaddy.com> > email. Was hoping someone > that could help might be watching the list and could contact me off-list. > > > //Jason > > >