On Thu, Apr 23, 2020 at 3:26 PM Ca By <cb.li...@gmail.com> wrote:

> On Thu, Apr 23, 2020 at 3:14 PM Compton, Rich A <rich.comp...@charter.com>
> wrote:
>
>> Good luck with that. 😊 As Damian Menscher has presented at NANOG,
>> even if we do an amazing job and shut down 99% of all DDoS reflectors,
>> there will still be enough bandwidth to generate terabit size attacks.
>> https://stats.cybergreen.net
>>
>> I think we need to instead collectively focus on stopping the spoofed
>> traffic that allows these attacks to be generated in the first place.
>>
>> -Rich
>>
>
> The bcp38 religion has failed to deliver the promised land for 20 years.
>

That's because it's been opt-in for thousands of ASNs.

> 1 spoofer is all you need to trigger all the reflectors.
>

A handful of transit providers is all you need to identify and filter all sources of spoofing.

> I do bcp38, i encourage others to as well, but i do not plan on it
> unclogging the pipes in my lifetime.
>
> You will get more miles from ACL dropping and policing known bad traffic
> (most of udp)
>

Do you have 10 Tbps of spare ingress capacity? If not, you should re-think your strategy (which may simply include a playbook for how to explain the outage to your customers).

Damian

>> *From: *NANOG Email List <nanog-boun...@nanog.org> on behalf of Bottiger <bottige...@gmail.com>
>> *Date: *Thursday, April 23, 2020 at 3:32 PM
>> *To: *Siyuan Miao <avel...@misaka.io>
>> *Cc: *NANOG list <nanog@nanog.org>
>> *Subject: *Re: Best way to get foreign ISPs to shut down DDoS reflectors?
>>
>> We are unable to upgrade our bandwidth in those areas. There are no
>> providers within our budget there at the moment. Surely there must be some
>> way to get them to respond.
>>
>> On Thu, Apr 23, 2020 at 2:23 PM Siyuan Miao <avel...@misaka.io> wrote:
>>
>> It won't work.
>>
>> Get a good DDoS protection and forget about it.
>>
>> On Fri, Apr 24, 2020 at 5:17 AM Bottiger <bottige...@gmail.com> wrote:
>>
>> Is there a guide on how to get foreign ISPs to shut down reflectors used
>> in DDoS attacks?
>>
>> I've tried sending emails listed under abuse contacts for their regional
>> registries. Either there is none listed, the email is full, email does not
>> exist, or they do not reply. Same results when sending to whatever other
>> email they have listed.
>>
>> Example Networks:
>>
>> CLARO S.A.
>> Telefonica
>> China Telecom
>> Korea Telecom