Bottiger, If what you are saying is true and can be backed by documentation, I would start at the abuse contact for the offending 'Amplifier' and then start working your way up the transits of the offending AS# until someone cuts them off. The Squeaky wheel gets the grease!
On Thu, Apr 23, 2020 at 3:33 PM Bottiger <bottige...@gmail.com> wrote: > There are many decent options for ddos protection in the US and Europe, > however there are very few in Brazil and Asia that support BGP. Servers and > bandwidth in these areas are much more expensive. > > Even though we are already doing anycast to split up the ddos attack, a > majority of the attack traffic is now ending up in these expensive areas, > and to top it off, these ISPs won't respond to abuse emails. > > It makes me wonder what the point of these abuse email are and if the > regional registries have any power to force them to reply. > > On Thu, Apr 23, 2020 at 3:12 PM Compton, Rich A <rich.comp...@charter.com> > wrote: > >> Good luck with that. 😊 As Damian Menscher has presented at NANOG, >> even if we do an amazing job and shut down 99% of all DDoS reflectors, >> there will still be enough bandwidth to generate terabit size attacks. >> https://stats.cybergreen.net >> >> I think we need to instead collectively focus on stopping the spoofed >> traffic that allows these attacks to be generated in the first place. >> >> -Rich >> >> >> >> *From: *NANOG Email List <nanog-boun...@nanog.org> on behalf of Bottiger >> <bottige...@gmail.com> >> *Date: *Thursday, April 23, 2020 at 3:32 PM >> *To: *Siyuan Miao <avel...@misaka.io> >> *Cc: *NANOG list <nanog@nanog.org> >> *Subject: *Re: Best way to get foreign ISPs to shut down DDoS reflectors? >> >> >> >> We are unable to upgrade our bandwidth in those areas. There are no >> providers within our budget there at the moment. Surely there must be some >> way to get them to respond. >> >> >> >> On Thu, Apr 23, 2020 at 2:23 PM Siyuan Miao <avel...@misaka.io> wrote: >> >> It won't work. >> >> >> >> Get a good DDoS protection and forget about it. >> >> >> >> On Fri, Apr 24, 2020 at 5:17 AM Bottiger <bottige...@gmail.com> wrote: >> >> Is there a guide on how to get foreign ISPs to shut down reflectors used >> in DDoS attacks? >> >> >> >> I've tried sending emails listed under abuse contacts for their regional >> registries. Either there is none listed, the email is full, email does not >> exist, or they do not reply. Same results when sending to whatever other >> email they have listed. >> >> >> >> Example Networks: >> >> >> >> CLARO S.A. >> >> Telefonica >> >> China Telecom >> >> Korea Telecom >> >> The contents of this e-mail message and >> any attachments are intended solely for the >> addressee(s) and may contain confidential >> and/or legally privileged information. If you >> are not the intended recipient of this message >> or if this message has been addressed to you >> in error, please immediately alert the sender >> by reply e-mail and then delete this message >> and any attachments. If you are not the >> intended recipient, you are notified that >> any use, dissemination, distribution, copying, >> or storage of this message or any attachment >> is strictly prohibited. >> >
