I agree Protonmail took a stance and believe many others can learn from their
experience. But let's not oversimplify the problem. According to their blogs,
the attacks were over 100G and went on for hours at a time over several days.
Attacks can go on for days and months. Protonmail found themselves up against
varying attack tactics and ultimately took a defense-in-depth approach to
mitigate the attack.
Null routing the original IP completes the attack, game over, server is down.
Granted, this can help prevent collateral damage. Combined with proxies, it can
work well for DNS redirect to route through cloud scrubbing, but these solutions
can add latency and impact legitimate traffic also. With redirection there is
also the complexity of TLS/SSL (certificate management, privacy, etc.). And
then you must also consider IP-based (non-proxied) targets. These DNS
redirect/proxy methods don't handle IP-based attack targets and cause the need
to swing IP prefixes via BGP. Bottom line, attackers can impact the
infrastructure by varying their tactics, and the approach should be well thought
out and multilayered.
-------- Original message --------
From: Lyndon Nerenberg <[email protected]>
Date: 12/4/2015 12:14 AM (GMT-05:00)
To: North American Network Operators' Group <[email protected]>
Subject: Re: Staring Down the Armada Collective
On Dec 3, 2015, at 6:28 PM, Lyndon Nerenberg <[email protected]> wrote:
> Are we perhaps, finally, reaching the cusp where everyone has realized that
> if we all, collectively, tell the rodents to f*** off, they just might?
I should also mention that, despite their bluster, they can't keep it up for
more than half an hour.
By then, the upstream networks have figured it out and have null routed
anything of consequence - far upstream. Meanwhile, backhaul your traffic in
via a private network and they won't be able to do shit to you. (E.g. the
standard Cloudflare model.)
They are not as smart as they make themselves out to be. Don't let fear drive
your decisions.
--lyndon