Stopping one vector that makes up the largest of DDoSes certainly isn't a bad thing.

-----
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com

Midwest-IX
http://www.midwest-ix.com

----- Original Message -----
From: "James Bensley" <jwbens...@gmail.com>
To: nanog@nanog.org
Sent: Wednesday, August 3, 2016 9:40:17 AM
Subject: Re: Host.us DDOS attack -and- related conversations

On 3 August 2016 at 15:16, Alain Hebert <aheb...@pubnix.net> wrote:
> PS:
>
> I will like to take this time to underline the lack of
> participation from a vast majority of ISPs into BCP38 and the like. We
> need to keep educating them at every occasion we have.
>
> For those that actually implemented some sort of tech against
> it, you are a beacon of hope in what is a ridiculous situation that has
> been happening for more than 15 years.

At the risk of starting a "NANOG war" [1], BCP isn't a magic wand.

If I find a zero day in the nasty customised kernels that OVH run on their clients' boxes, I only need 300 compromised hosts to send 300Gbps of traffic without spoofing the IP or using amplification attacks [2].

I can rent a server with a 10Gbps connection for 1 hour for a few quid/dollars. I could generate hundreds of Gbps of traffic for about £1000 from legitimate IPs, paid for with stolen card details. How will BCP save you then?

Can everyone stop praising it like it was some magic bullet?

James.

[1] A pathetic and futile one, so different from the rest.

[2] Substitute OVH for any half decent provider that isn't really oversubscribed.