I highly doubt NTT or any other major transit provider would ever cut off Korea Telecom or China Telecom. And these are reflectors, they are not part of a botnet.
On Thu, Apr 23, 2020 at 5:11 PM TJ Trout <t...@pcguys.us> wrote: > Bottiger, > > If what you are saying is true and can be backed by documentation, I would > start at the abuse contact for the offending 'Amplifier' and then start > working your way up the transits of the offending AS# until someone cuts > them off. > The Squeaky wheel gets the grease! > > On Thu, Apr 23, 2020 at 3:33 PM Bottiger <bottige...@gmail.com> wrote: > >> There are many decent options for ddos protection in the US and Europe, >> however there are very few in Brazil and Asia that support BGP. Servers and >> bandwidth in these areas are much more expensive. >> >> Even though we are already doing anycast to split up the ddos attack, a >> majority of the attack traffic is now ending up in these expensive areas, >> and to top it off, these ISPs won't respond to abuse emails. >> >> It makes me wonder what the point of these abuse email are and if the >> regional registries have any power to force them to reply. >> >> On Thu, Apr 23, 2020 at 3:12 PM Compton, Rich A <rich.comp...@charter.com> >> wrote: >> >>> Good luck with that. 😊 As Damian Menscher has presented at NANOG, >>> even if we do an amazing job and shut down 99% of all DDoS reflectors, >>> there will still be enough bandwidth to generate terabit size attacks. >>> https://stats.cybergreen.net >>> >>> I think we need to instead collectively focus on stopping the spoofed >>> traffic that allows these attacks to be generated in the first place. >>> >>> -Rich >>> >>> >>> >>> *From: *NANOG Email List <nanog-boun...@nanog.org> on behalf of >>> Bottiger <bottige...@gmail.com> >>> *Date: *Thursday, April 23, 2020 at 3:32 PM >>> *To: *Siyuan Miao <avel...@misaka.io> >>> *Cc: *NANOG list <nanog@nanog.org> >>> *Subject: *Re: Best way to get foreign ISPs to shut down DDoS >>> reflectors? >>> >>> >>> >>> We are unable to upgrade our bandwidth in those areas. There are no >>> providers within our budget there at the moment. Surely there must be some >>> way to get them to respond. >>> >>> >>> >>> On Thu, Apr 23, 2020 at 2:23 PM Siyuan Miao <avel...@misaka.io> wrote: >>> >>> It won't work. >>> >>> >>> >>> Get a good DDoS protection and forget about it. >>> >>> >>> >>> On Fri, Apr 24, 2020 at 5:17 AM Bottiger <bottige...@gmail.com> wrote: >>> >>> Is there a guide on how to get foreign ISPs to shut down reflectors used >>> in DDoS attacks? >>> >>> >>> >>> I've tried sending emails listed under abuse contacts for their regional >>> registries. Either there is none listed, the email is full, email does not >>> exist, or they do not reply. Same results when sending to whatever other >>> email they have listed. >>> >>> >>> >>> Example Networks: >>> >>> >>> >>> CLARO S.A. >>> >>> Telefonica >>> >>> China Telecom >>> >>> Korea Telecom >>> >>> The contents of this e-mail message and >>> any attachments are intended solely for the >>> addressee(s) and may contain confidential >>> and/or legally privileged information. If you >>> are not the intended recipient of this message >>> or if this message has been addressed to you >>> in error, please immediately alert the sender >>> by reply e-mail and then delete this message >>> and any attachments. If you are not the >>> intended recipient, you are notified that >>> any use, dissemination, distribution, copying, >>> or storage of this message or any attachment >>> is strictly prohibited. >>> >>
