Re: Peering with abusers...good or bad?
Le 2018-03-02 23:11, Matthew Petach a écrit : > On Tue, Feb 27, 2018 at 4:13 PM, Dan Hollis wrote: > >> OVH does not suprise me in the least. >> >> Maybe this is finally what it will take to get people to de-peer them. > > If I de-peer them, I pay my upstream to carry the > attack traffic. > > If I maintain peering with them, the attack traffic is free. > > It would seem the economics work the other way around. > > It would be more cost effective for me to identify the largest sources > of attacks, and reach out to directly peer with them, to avoid paying > an upstream to carry the traffic, if I'm going to end up throwing it > away anyhow. We are always trying to reply asap on peer...@ovh.net if it's network related (it's not abuse and I don't manage it ;). You're welcome to share anything wrong so we can mitigate attack with our own antiddos system, if automatic detection didn't catched it. We are obviously not responsible for the memcached issue, and we get the same type / volume of attacks than everyone on input. You should not have a one way thought, and think about network peering is done with at least 2 peers which have sometimes the same problem without any direct responsibility. -- FABIEN VINCENT _@beufanet_
Re: Peering with abusers...good or bad?
On Sat, 3 Mar 2018 at 01:23, Baldur Norddahl wrote: > So I want to buy additional ports at each IX. The slowest speed they offer. > If I am lucky they have a free 100 Mbps. And then I just announce the > prefix I want to blackhole. Doesn't matter that the port overloads. I am > just going to null route the traffic anyway... Sure, that works. Those are called “choke ports”. Kind regards, Job >
Re: Peering with abusers...good or bad?
So I want to buy additional ports at each IX. The slowest speed they offer. If I am lucky they have a free 100 Mbps. And then I just announce the prefix I want to blackhole. Doesn't matter that the port overloads. I am just going to null route the traffic anyway... Regards Baldur Den 3. mar. 2018 01.12 skrev "Job Snijders" : On Sat, 3 Mar 2018 at 01:08, Bryan Holloway wrote: > > On 3/2/18 5:29 PM, Ca By wrote: > > On Fri, Mar 2, 2018 at 2:13 PM Matthew Petach > wrote: > > > >> On Tue, Feb 27, 2018 at 4:13 PM, Dan Hollis > >> wrote: > >>> OVH does not suprise me in the least. > >>> > >>> Maybe this is finally what it will take to get people to de-peer them. > >>> > >> > >> If I de-peer them, I pay my upstream to carry the > >> attack traffic. > >> > > > > Your isp will do rtbh > > > > Your peers wont > > > Some public IXs support RTBH ... Equinix, DE-CIX, to name two ... PNIs > is a different story. Those IX “blackhole” mechanisms are a perverse ineffective method that exists solely for marketing reasons. If you aren’t blackholing in the fabric you aren’t blackholing. Kind regards, Job >
Re: Peering with abusers...good or bad?
On Sat, 3 Mar 2018 at 01:08, Bryan Holloway wrote: > > On 3/2/18 5:29 PM, Ca By wrote: > > On Fri, Mar 2, 2018 at 2:13 PM Matthew Petach > wrote: > > > >> On Tue, Feb 27, 2018 at 4:13 PM, Dan Hollis > >> wrote: > >>> OVH does not suprise me in the least. > >>> > >>> Maybe this is finally what it will take to get people to de-peer them. > >>> > >> > >> If I de-peer them, I pay my upstream to carry the > >> attack traffic. > >> > > > > Your isp will do rtbh > > > > Your peers wont > > > Some public IXs support RTBH ... Equinix, DE-CIX, to name two ... PNIs > is a different story. Those IX “blackhole” mechanisms are a perverse ineffective method that exists solely for marketing reasons. If you aren’t blackholing in the fabric you aren’t blackholing. Kind regards, Job >
Re: Peering with abusers...good or bad?
On 3/2/18 5:29 PM, Ca By wrote: On Fri, Mar 2, 2018 at 2:13 PM Matthew Petach wrote: On Tue, Feb 27, 2018 at 4:13 PM, Dan Hollis wrote: OVH does not suprise me in the least. Maybe this is finally what it will take to get people to de-peer them. If I de-peer them, I pay my upstream to carry the attack traffic. Your isp will do rtbh Your peers wont Some public IXs support RTBH ... Equinix, DE-CIX, to name two ... PNIs is a different story. If I maintain peering with them, the attack traffic is free. It would seem the economics work the other way around. It would be more cost effective for me to identify the largest sources of attacks, and reach out to directly peer with them, to avoid paying an upstream to carry the traffic, if I'm going to end up throwing it away anyhow.
Re: Peering with abusers...good or bad?
On Fri, Mar 2, 2018 at 2:13 PM Matthew Petach wrote: > On Tue, Feb 27, 2018 at 4:13 PM, Dan Hollis > wrote: > > OVH does not suprise me in the least. > > > > Maybe this is finally what it will take to get people to de-peer them. > > > > If I de-peer them, I pay my upstream to carry the > attack traffic. > Your isp will do rtbh Your peers wont > If I maintain peering with them, the attack traffic is free. > > It would seem the economics work the other way around. > > It would be more cost effective for me to identify the largest sources > of attacks, and reach out to directly peer with them, to avoid paying > an upstream to carry the traffic, if I'm going to end up throwing it > away anyhow. >
Peering with abusers...good or bad?
On Tue, Feb 27, 2018 at 4:13 PM, Dan Hollis wrote: > OVH does not suprise me in the least. > > Maybe this is finally what it will take to get people to de-peer them. > If I de-peer them, I pay my upstream to carry the attack traffic. If I maintain peering with them, the attack traffic is free. It would seem the economics work the other way around. It would be more cost effective for me to identify the largest sources of attacks, and reach out to directly peer with them, to avoid paying an upstream to carry the traffic, if I'm going to end up throwing it away anyhow.