e well-understood and -documented, and a bit of research
can help bring one up to speed on them pretty quickly.
--------
Roland Dobbins
mer A the ability to interfere with Customer B's traffic,
and the difficulty of implementing such constraints). It can be an
option worth exploring, in many circumstances.
--------
Roland Dobbins
On 30 Apr 2016, at 19:56, Pierre Lamy wrote:
> to null out the destination rather than the source.
<https://tools.ietf.org/html/rfc5635>
-------
Roland Dobbins
to provide for a higher degree of automation, increased
rapidity of response, and interoperability in both inter- and
intra-network DDoS mitigation scenarios.
---
Roland Dobbins
stood out in my mind); those
espousing it pretty quickly changed their tunes once their networks had
been knocked flat a couple of times.
;>
---
Roland Dobbins
on reading various reports and research papers,
but rather upon our actions which generate the data and experiential
observations upon which such reports and research papers are based.
-----------
Roland Dobbins
ing-Opensourcely-wp.pdf>
Just keep in mind, *nothing* is perfect.
---
Roland Dobbins
their ISPs?
;>
---
Roland Dobbins
dom, if ever, accomplishes anything
useful in terms of successfully defending against DDoS attacks.
---
Roland Dobbins
're now experiencing.
Sometimes it isn't possible, of course.
-------
Roland Dobbins
On 13 Jun 2016, at 8:52, Kasper Adel wrote:
> 2) Do some planning and research first.
This.
---
Roland Dobbins
uring they can be enforced.
---
Roland Dobbins
m with NAT; as CGN becomes
more prevalent on wireline broadband networks, it's only going to get
worse.
AFAIK, PSN doesn't support IPv6. That would be another topic of
discussion with the operational folks.
-------
Roland Dobbins
is a dearth of engagement of clueful folks in the global
operational community. Some gaming-oriented networks are
well-represented; others are not, sadly.
-------
Roland Dobbins
re sending .gifs or
something, surely this might be possible, yes?
It seems within the realm of possibility this sort of response - or lack
thereof - could result in some gaming network operators becoming a bit
jaded. And perhaps some customers, too.
-------
Roland Dobbins
e's
no separation in the public mind of 'my network' from 'the Internet'
that is analogous to the separation between 'the power company' and 'the
electrical wiring in my house/apartment' (and even in that space, the
conceptual separation often isn't present).
---
Roland Dobbins
iferation of connected devices - militates against user
troubleshooting, as well.
---
Roland Dobbins
elf how many people set up and use 2FA for any online service
which supports it, on their own initiative (i.e., not having a bank ship
them a pre-provisioned dongle). The number of people capable of doing
this troubleshooting for themselves is roughly equivalent to the number
of people who've successfully set up 2FA on their own initiative.
---
Roland Dobbins
g similar would work here.
Concur that this is the least-improbable model, absolutely.
But keep in mind that subscriptions/services for in-home wiring were
(and are) also a tiny percentage of the user base.
-------
Roland Dobbins
cle of clothing they own, every can of
soda in their refrigerator, every major (and many minor) components of
their automobiles, every blade in their windowshades, etc.
-------
Roland Dobbins
e a single provider, just as
they typically do for electricity and water.
-------
Roland Dobbins
On 27 Sep 2016, at 22:37, Patrick W. Gilmore wrote:
All the more reason to educate people TODAY on why having vulnerable
devices is a Very Bad Idea.
Yes, but how do they determine that a given device is vulnerable?
---
Roland Dobbins
* the unruly children, but *choose* to ignore them. That's
the difference.
Keep in mind, most of the folks on this list are not representative of
the average consumer in terms of the skill-sets which are relevant in
this problem space.
-------
Roland Dobbins
world, however.
Especially the Internet part.
;>
---
Roland Dobbins
On 28 Sep 2016, at 0:18, Brielle Bruns wrote:
> I call shenanigans on providers not seeing their unruly users.
I was talking about the users, not the ISPs.
---
Roland Dobbins
moving
forward.
-------
Roland Dobbins
On 20 Oct 2016, at 23:32, Mark Tinka wrote:
Some requirements call for Ethernet transport as opposed to IP.
Sure - but it's probably worth revisiting the origins of those
requirements, and whether there are better alternatives.
---
Roland Dobbins
On 21 Oct 2016, at 23:01, Mike Hammett wrote:
> Are there sites that can test your BCP38/84 compliance?
<https://www.caida.org/projects/spoofer/>
-------
Roland Dobbins
On 26 Oct 2016, at 0:41, Gary Baribault wrote:
> other than the two local major ISPs (keeping last Friday in mind!)
. . . why would you want to expose them to the public Internet at all?
There are many, many reasons not to do so.
---
Roland Dobbins
e actors' are somehow 'learning how
to take down the Internet' is equally uninformed. State actors already
know how to do this, they don't need to 'learn' or 'test' anything.
DDoS attacks are the Great Equalizer; when it comes to DDoS,
nation-states are just another player.
---
Roland Dobbins
On 2 Dec 2016, at 22:31, Christopher Morrow wrote:
> that statement seems ... hard to prove.
Paging Geoff Huston to the white courtesy phone . . .
;>
---
Roland Dobbins
On 5 Dec 2016, at 21:50, Graham Johnston wrote:
What is your preferred one and why?
<http://testmy.net/>
Thorough, reasonable test methodology, allows one to store history,
decent range of test servers worldwide.
---
Roland Dobbins
esync queries, or lots of level-6/level-7 admin
command attempts?
---
Roland Dobbins
On 16 Dec 2016, at 10:09, Dan Drown wrote:
This seems more like "someone pushed out bad firmware" rather than
something malicious.
Everything old is new again . . .
-------
Roland Dobbins
On 16 Dec 2016, at 10:16, Roland Dobbins wrote:
>
<http://pages.cs.wisc.edu/~plonka/netgear-sntp/>
-------
Roland Dobbins
On 16 Dec 2016, at 10:17, Roland Dobbins wrote:
<http://pages.cs.wisc.edu/~plonka/netgear-sntp/>
Over on nznog, Cameron Bradley posited that this may be related to a
TR-069/-064 Mirai variant, which makes use of a 'SetNTPServers' exploit.
Perhaps one of them is
?
---
Roland Dobbins
On 16 Dec 2016, at 16:40, Roland Dobbins wrote:
Looking at the source IP distribution, does a significant proportion
of the larger query base seem to originate out-of-region?
And do they appear to be mostly broadband access networks, or
On 17 Dec 2016, at 0:13, Job Snijders wrote:
There are providers who inspect the AS_PATH's contents and make
decisions to reject (ignore) a route announcement or
not based on the presence of certain values.
+1
---
Roland Dobbins
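An added example (not code from the thread) of the kind of AS_PATH policy Job describes above: a small Python checker that rejects a route learned from an eBGP peer when its AS_PATH contains the receiving network's own ASN, a reserved or private ASN, an AS_SET, or is implausibly long. The own-ASN value and the sample paths are arbitrary placeholders; the reserved ranges are the ones registered in RFC 5398, RFC 6996, RFC 7300, RFC 7607 and RFC 6793.

```python
"""AS_PATH sanity filter: reject routes whose path contains ASNs that
should never appear in a path learned from an eBGP peer.

Added example, not from the NANOG thread.  The reserved/private ranges
come from RFC 5398 (documentation), RFC 6996 (private use) and RFC 7300
(last ASNs); AS 0 is reserved by RFC 7607 and 23456 is AS_TRANS (RFC 6793).
"""
import re

RESERVED_ASN_RANGES = (
    (0, 0),                       # AS 0, RFC 7607
    (23456, 23456),               # AS_TRANS, RFC 6793
    (64496, 64511),               # documentation, RFC 5398
    (64512, 65534),               # private use, RFC 6996
    (65535, 65535),               # reserved, RFC 7300
    (65536, 65551),               # documentation, RFC 5398
    (4200000000, 4294967294),     # private use, RFC 6996
    (4294967295, 4294967295),     # reserved, RFC 7300
)


def is_reserved_asn(asn: int) -> bool:
    return any(lo <= asn <= hi for lo, hi in RESERVED_ASN_RANGES)


def parse_as_path(path: str) -> list:
    """Return all ASNs in an AS_PATH string, flattening AS_SETs such as
    '{2914,174}' into their members."""
    asns = []
    for token in re.findall(r"\{[^}]*\}|\d+", path):
        if token.startswith("{"):
            asns.extend(int(a) for a in re.split(r"[,\s]+", token.strip("{}")) if a)
        else:
            asns.append(int(token))
    return asns


def evaluate_as_path(path: str, own_asn: int, reject_as_set: bool = True,
                     max_len: int = 64):
    """Return (accept, reason) for an AS_PATH received from an eBGP peer."""
    if reject_as_set and "{" in path:
        return False, "AS_SET present (RFC 6472 recommends not using them)"
    asns = parse_as_path(path)
    if own_asn in asns:
        return False, "own ASN %d in path (loop)" % own_asn
    for asn in asns:
        if is_reserved_asn(asn):
            return False, "reserved/private ASN %d in path" % asn
    if len(asns) > max_len:
        return False, "AS_PATH longer than %d" % max_len
    return True, "ok"


if __name__ == "__main__":
    # own_asn 65536 is an RFC 5398 documentation ASN, used as a placeholder
    for p in ("3356 2914 174", "3356 64512 174", "3356 {2914,174}"):
        print(p, "->", evaluate_as_path(p, own_asn=65536))
```

The own-ASN check runs before the reserved-range check so that a looped path is reported as a loop even when the local ASN happens to sit in a documentation or private range.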
On 20 Dec 2016, at 12:18, Laurent Dumont wrote:
> As a student in the field, this is the kind of stuff I live for! ;)
<https://en.wikipedia.org/wiki/NTP_server_misuse_and_abuse#Notable_cases>
-------
Roland Dobbins
On 22 Dec 2016, at 20:27, Jean | ddostest.me via NANOG wrote:
the already known Layer 4 amp DDoS like dns, ntp, ssdp, snmp
These are layer-7 reflection/amplification attacks - i.e.,
application-layer - *not* layer-4.
---
Roland Dobbins
ter/ttl-expiry-attack.html>
-----------
Roland Dobbins
ectory services, per se.
Can you provide more context?
-------
Roland Dobbins
nature, I've been waiting
for the ITU to impose GOSIP or whatever on us for the last ~30 years or
so - but so far, nothing much has happened in that regard.
Is there actually a reason to suspect that this time it will be any
different?
---
Roland Dobbins
On 7 Jan 2017, at 14:22, Joly MacFie wrote:
> Blind backlash from IoT DDoS? Looming billions of rf tagged items?
None of this has anything to do with this 'DOA' thing, though.
-------
Roland Dobbins
tworking-Technology-ebook/dp/B0051TM5L2/>
-----------
Roland Dobbins
On 15 Aug 2018, at 6:28, Grant Taylor via NANOG wrote:
> Is there something that I've missed the boat on?
No - it's a belt-and-suspenders sort of thing, along with GTSM.
-------
Roland Dobbins
it the attacker.
-------
Roland Dobbins
/s/xznjloitly2apixr5xge>
-----------
Roland Dobbins
neral.
---
Roland Dobbins
ng_Isp_v2.pdf>
-------
Roland Dobbins
and should use them in a
situationally-appropriate manner. And when we're using techniques like
QoSing down certain ports/protocols, we must err on the side of caution,
lest we cause larger problems than the attacks themselves.
---
Roland Dobbins
in your span of administrative control.
* btw, what can you experts tell me about tcp-based volumetric
attacks...
TCP reflection/amplification.
-----------
Roland Dobbins
point is that when applying broad policies of this nature, one must
be very conservative, else one can cause larger problems on a macro
scale. Internet arteriosclerosis is a significant issue.
-------
Roland Dobbins
niversal source-address validation (SAV). Without the ability to
spoof, there would be no reflection/amplification attacks.
-------
Roland Dobbins
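To make the source-address-validation point concrete, here is an added example (not code from the original posts) of a BCP 38/84 ingress filter for one customer-facing interface, applied to a constructed packet sample in which two requests carry a source forged to the intended victim. Addresses are RFC 5737/RFC 3849 documentation space; the bogon list is a subset of the usual one and is an illustration, not a maintained list.

```python
"""Source-address validation (BCP 38 / BCP 84) on a customer edge.

Added example, not from the original posts.  Prefixes are RFC 5737 /
RFC 3849 documentation space, constructed for illustration; the bogon
list is a subset of the usual one and must be maintained per network.
"""
import ipaddress

BOGON_SOURCES = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "224.0.0.0/4", "240.0.0.0/4",
    "::/128", "::1/128", "fe80::/10", "fc00::/7", "ff00::/8",
)]


class IngressSAV:
    """Ingress filter for one customer-facing interface.

    A packet is forwarded only if its source lies inside a prefix the
    customer is entitled to source from.  For a single-homed customer
    that is the assigned prefix (strict uRPF gives the same result); for
    a multihomed customer (BCP 84) the operator lists every prefix the
    customer may legitimately originate, whichever link it arrives on.
    """

    def __init__(self, allowed_prefixes):
        self.allowed = [ipaddress.ip_network(p) for p in allowed_prefixes]

    def permits(self, src: str) -> bool:
        addr = ipaddress.ip_address(src)
        # ipaddress returns False for a v4/v6 version mismatch, so mixed
        # lists are safe here.
        if any(addr in b for b in BOGON_SOURCES):
            return False
        return any(addr in p for p in self.allowed)

    def apply(self, packets):
        """Split (src, dst) tuples into (forwarded, dropped) lists."""
        fwd, drop = [], []
        for src, dst in packets:
            (fwd if self.permits(src) else drop).append((src, dst))
        return fwd, drop


# Constructed traffic from a customer holding 192.0.2.0/24 and
# 2001:db8:100::/48: two legitimate packets, two reflection-attack
# requests whose source is forged to the victim 203.0.113.10, one bogon.
CUSTOMER = IngressSAV(["192.0.2.0/24", "2001:db8:100::/48"])
SAMPLE_PACKETS = [
    ("192.0.2.7", "198.51.100.53"),            # legitimate DNS query
    ("2001:db8:100::7", "2001:db8:ffff::53"),  # legitimate v6 query
    ("203.0.113.10", "198.51.100.123"),        # spoofed NTP request
    ("203.0.113.10", "198.51.100.53"),         # spoofed DNS request
    ("10.9.8.7", "198.51.100.1"),              # RFC 1918 source, bogon
]


def spoofed_share(flt, packets):
    """Fraction of the sample that SAV drops at the edge."""
    fwd, drop = flt.apply(packets)
    return len(drop) / len(packets)


if __name__ == "__main__":
    fwd, drop = CUSTOMER.apply(SAMPLE_PACKETS)
    print("forwarded:", fwd)
    print("dropped:  ", drop)
```

The two forged requests never leave the customer edge, which is exactly why universal SAV would remove reflection/amplification as a class: the reflector only ever sees the customer's real addresses.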
rt of capability, too.
---
Roland Dobbins
on Windows boxes, IIRC.
-------
Roland Dobbins
You may need one
set of ACLs at the peering/transit edge, and other, more specific ACLs,
at the IDC distribution gateway, customer aggregation gateway, et al.
---
Roland Dobbins
On 27 May 2017, at 0:54, valdis.kletni...@vt.edu wrote:
> I'll go out on a limb and suggest that except for a very basic home/SOHO
> network, "You may need" should be "You will probably need".
Concur, heh.
-------
Roland Dobbins
On 27 May 2017, at 0:19, Roland Dobbins wrote:
> <https://app.box.com/s/ko8lk4vlh1835p36na3u>
This is the correct URI for the first preso, apologies:
<https://app.box.com/s/osk4po8ietn1zrjjmn8b>
-------
Roland Dobbins
access
policies at the IDC edge which disallow unwanted UDP/11211 as well as
TCP/11211 from reaching abusable memcached deployments.
-------
Roland Dobbins
infrastructure self-protection concepts:
<https://app.box.com/s/osk4po8ietn1zrjjmn8b>
---
Roland Dobbins
by hand.
----
Roland Dobbins // <http://www.arbornetworks.com>
Most software today is very much like an Egyptian pyramid, with millions
of bricks piled on top of each other, with no structural integrity, but
just done by b
//files.me.com/roland.dobbins/dweagy>
--------
Roland Dobbins // <http://www.arbornetworks.com>
re the integrity of its answers, and which
is already in the initial stages of its deployment - i.e., DNSSEC?
Note I'm not advocating this position, per se, just being sure I understand the
argument for purposes of discussion.
----------
ope this wouldn't be the case, yes?
----
Roland Dobbins // <http://www.arbornetworks.com>
to the addressing folks,
who would then proceed to create/administer their RRs/certs without further
day-to-day reference to the DNS folks.
----
Roland Dobbins // <http://www.arbornetworks.com>
NSSEC is in the initial stages of deployment.
3. There's additional relevant work going on which would make DNS more
suitable for this application.
4. Deployment inertia.
----
Roland Dobbins
't really have a choice, now, do they?
;>
--------
Roland Dobbins // <http://www.arbornetworks.com>
walls in front of client access LANs, and
everything behind said stateful firewalls, from DDoS.
----
Roland Dobbins // <http://www.arbornetworks.com>
oesn't take into account hinted scanning via routing table lookups,
whois lookups, and walking reverse DNS, not to mention making use of ND
mechanisms once a single box on a given subnet has been successfully botted.
--------
of hinted
scanning.
--------
Roland Dobbins // <http://www.arbornetworks.com>
tion seem to
be assuming that the assignment and consumption of IPv6 addresses (and
networking technology and the Internet in general) will continue to be
constrained by the current four-decade-old paradigm into the foreseeable future.
---------
ich, given the prevalence of broken PMTU-D alone, is
apparently not well-understood in many quarters, heh.
----
Roland Dobbins // <http://www.arbornetworks.com>
to share your optimism in that regard.
;>
--------
Roland Dobbins // <http://www.arbornetworks.com>
's where the real money is.
--------
Roland Dobbins // <http://www.arbornetworks.com>
nobody has heretofore thought of, heh.
;>
--------
Roland Dobbins // <http://www.arbornetworks.com>
ou contributed to the survey which forms the foundation of the report;
as always, we're grateful for your insight and participation, and welcome your
feedback and comments.
Thanks much!
------------
Roland Dobbins // <http://www.arbornetworks.com>
mention.
----
Roland Dobbins // <http://www.arbornetworks.com>
Randy Bush wrote:
>i am on the apricot 2014 pc. we do not have a submission on nap defense. can
>someone please do one?
I can, see my reply on apops.
---
Roland Dobbins
ike 'paid peering', but with a slightly different emphasis) monetary
exchanges?
------
Roland Dobbins // <http://www.arbornetworks.com>
Equo ne credite, Teucri.
-- Laocoön
tarted:
<http://mailman.nanog.org/pipermail/nanog/2010-January/016747.html>
Ensure you have flow telemetry enabled at all your edges; there are open-source
tools like nfsen/nfdump that you can get started with quickly.
----------
Roland Dobbins
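As an added illustration of the flow-telemetry advice above (and of the earlier points that DNS/NTP/SSDP/SNMP reflection is application-layer abuse, and that memcached on UDP/11211 belongs in the same category), here is a Python sketch, not code from the original posts, that aggregates UDP flows by victim and reflector source port and alerts when both the rate and the number of distinct reflectors cross a threshold. The input is a constructed, simplified export; real nfdump CSV output has many more columns, so parse_flows() has to be adapted to whatever your collector emits.

```python
"""Reflection/amplification spotting from edge flow telemetry.

Added example, not from the original posts.  The input is a constructed,
simplified flow export (one record per line); real nfdump CSV output has
many more columns and different field names, so adapt parse_flows() to
the export you actually have, e.g. something along the lines of
    nfdump -R /var/cache/nfdump -o csv 'proto udp'
(check nfdump(1) for the exact filter syntax and column layout).
"""
import csv
import io
from collections import defaultdict

UDP = 17
# UDP services routinely abused as reflectors, keyed by the *source* port
# seen on the responses that hit the victim.
AMP_SERVICES = {19: "chargen", 53: "dns", 123: "ntp", 161: "snmp",
                1900: "ssdp", 11211: "memcached"}

# Constructed 60-second export: 198.51.100.0/24 hosts are reflectors,
# 203.0.113.10 is the victim, 203.0.113.20 is a host doing normal traffic.
SAMPLE_EXPORT = """\
proto,src,sport,dst,dport,packets,bytes
17,198.51.100.1,123,203.0.113.10,4455,4000,2000000
17,198.51.100.2,123,203.0.113.10,4455,4000,2000000
17,198.51.100.3,123,203.0.113.10,4455,4000,2000000
17,198.51.100.4,123,203.0.113.10,4455,4000,2000000
17,198.51.100.5,123,203.0.113.10,4455,4000,2000000
17,198.51.100.11,11211,203.0.113.10,80,3000,4000000
17,198.51.100.12,11211,203.0.113.10,80,3000,4000000
17,198.51.100.13,11211,203.0.113.10,80,3000,4000000
17,198.51.100.11,0,203.0.113.10,0,2500,3500000
17,198.51.100.53,53,203.0.113.20,41532,40,5000
6,198.51.100.80,443,203.0.113.20,51234,300,200000
"""


def parse_flows(text):
    """Parse the simplified export into dicts with integer counters."""
    out = []
    for r in csv.DictReader(io.StringIO(text)):
        out.append({"proto": int(r["proto"]), "src": r["src"],
                    "sport": int(r["sport"]), "dst": r["dst"],
                    "dport": int(r["dport"]), "packets": int(r["packets"]),
                    "bytes": int(r["bytes"])})
    return out


def detect_reflection(flows, window_s=60, min_bps=1_000_000, min_sources=3):
    """Per (victim, service): aggregate UDP flows whose source port is an
    amplification service.  Alert when the rate and the number of distinct
    reflectors both exceed thresholds; one busy resolver does not alert.

    Flows with src/dst port 0 are non-initial fragments (no L4 header in
    the packet), common with large DNS/NTP/memcached responses.  They are
    counted per victim but cannot be attributed to a service port."""
    agg = defaultdict(lambda: {"bytes": 0, "packets": 0, "sources": set()})
    frag_bytes = defaultdict(int)
    for f in flows:
        if f["proto"] != UDP:
            continue
        if f["sport"] == 0 and f["dport"] == 0:
            frag_bytes[f["dst"]] += f["bytes"]
            continue
        svc = AMP_SERVICES.get(f["sport"])
        if svc is None:
            continue
        a = agg[(f["dst"], svc)]
        a["bytes"] += f["bytes"]
        a["packets"] += f["packets"]
        a["sources"].add(f["src"])
    alerts = []
    for (dst, svc), a in agg.items():
        bps = a["bytes"] * 8 / window_s
        if bps >= min_bps and len(a["sources"]) >= min_sources:
            alerts.append({"victim": dst, "service": svc,
                           "mbps": round(bps / 1e6, 2),
                           "bytes_per_packet": a["bytes"] // a["packets"],
                           "reflectors": len(a["sources"]),
                           "fragment_mbps": round(frag_bytes[dst] * 8 / window_s / 1e6, 2)})
    return sorted(alerts, key=lambda x: -x["mbps"])


if __name__ == "__main__":
    for alert in detect_reflection(parse_flows(SAMPLE_EXPORT)):
        print(alert)
```

Large bytes-per-packet values together with many distinct sources on one well-known source port are the signature to look for; the fragment counter is reported alongside because the amplified responses that matter are often the ones that got fragmented on the way in.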
n money to a DDoSer.
------
Roland Dobbins // <http://www.arbornetworks.com>
On May 23, 2014, at 3:38 AM, Barry Shein wrote:
> Some real life experience and results, case studies.
Some of us have quite a bit of real-life experience and results in these
situations.
--
Roland Dobbins
On May 23, 2014, at 11:22 AM, Blake Dunlap wrote:
> Most of us wish we didn't.
Concur 100%.
------
Roland Dobbins // <http://www.arbornetworks.com>
share.
But never, under any circumstances, for any reason, no matter who advises you
to do so, should you pay.
----------
Roland Dobbins // <http://www.arbornetworks.com>
lar recommendation, and
would urge others to seriously think before doing it.
------
Roland Dobbins // <http://www.arbornetworks.com>
On Jun 28, 2014, at 9:32 PM, Markus wrote:
> Any other recommendations?
Law enforcement.
--
Roland Dobbins // <http://www.arbornetworks.com>
SYN-floods and the like.
--
Roland Dobbins // <http://www.arbornetworks.com>
n limits and all that stuff aren't enough, either.
------
Roland Dobbins // <http://www.arbornetworks.com>
about NATted
wireless networks going down due to this sort of thing. It's a real problem.
Also, there are horizontal behaviors which are undesirable, as well.
------
Roland Dobbins // <http://www.arbornetworks.com>
ich don't
employ me.
<http://tools.ietf.org/html/rfc5635>
------
Roland Dobbins // <http://www.arbornetworks.com>
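Since RFC 5635 comes up twice in this listing (here, and in the earlier reply about nulling the destination rather than the source), here is an added example, not code from the original posts, that builds destination-based and source-based RTBH announcements with the guard rails a practitioner would want: D/RTBH only for a host route inside your own space (it completes the attack on that host, so never a covering prefix), S/RTBH only where loose-mode uRPF is in place and never for a too-short source prefix. Assumptions: the command format is ExaBGP's API syntax, the discard next-hops are addresses every router already routes to Null0/discard (192.0.2.1 is a documentation-space stand-in; 100::1 sits in the RFC 6666 discard-only prefix), and 65535:666 is the RFC 7999 BLACKHOLE community.

```python
"""RFC 5635 RTBH route generation with guard rails.

Added example, not from the original posts.  Assumptions: ExaBGP API
command syntax ("announce route ... next-hop ... community [...]"),
discard next-hops that every router routes to Null0/discard (192.0.2.1 is
documentation space used as a stand-in; 100::1 is inside the RFC 6666
discard-only prefix), and the RFC 7999 BLACKHOLE community 65535:666.
Replace all three with your own values.
"""
import ipaddress

DISCARD_NEXT_HOP = {4: "192.0.2.1", 6: "100::1"}
BLACKHOLE_COMMUNITY = "65535:666"
OWN_PREFIXES = [ipaddress.ip_network(p) for p in ("203.0.113.0/24", "2001:db8::/32")]
MIN_SOURCE_PREFIXLEN = {4: 24, 6: 48}   # never S/RTBH anything shorter


def validate_rtbh(prefix, kind, own_prefixes=OWN_PREFIXES, urpf_loose=True):
    """Return None if the request is sane, else a reason string.

    D/RTBH (kind="destination") drops everything *to* the target, so it
    completes the attack on that host; it must be a host route inside our
    own space, never a covering prefix and never somebody else's address.
    S/RTBH (kind="source") drops traffic *from* the attacker's sources; it
    only works where loose-mode uRPF is enabled on the edge, and too-short
    source prefixes cause collateral damage."""
    try:
        net = ipaddress.ip_network(prefix, strict=True)
    except ValueError as e:
        return "bad prefix: %s" % e
    host_len = 32 if net.version == 4 else 128
    if kind == "destination":
        if net.prefixlen != host_len:
            return "D/RTBH must be a host route (/%d)" % host_len
        if not any(o.version == net.version and net.subnet_of(o) for o in own_prefixes):
            return "refusing to blackhole an address outside our own prefixes"
    elif kind == "source":
        if not urpf_loose:
            return "S/RTBH requires loose-mode uRPF on the edge"
        if net.prefixlen < MIN_SOURCE_PREFIXLEN[net.version]:
            return "source prefix shorter than /%d" % MIN_SOURCE_PREFIXLEN[net.version]
    else:
        return "kind must be 'destination' or 'source'"
    return None


def rtbh_command(prefix, kind, withdraw=False, **kw):
    """Build the ExaBGP-style announce/withdraw line, or raise ValueError."""
    err = validate_rtbh(prefix, kind, **kw)
    if err:
        raise ValueError(err)
    net = ipaddress.ip_network(prefix)
    verb = "withdraw" if withdraw else "announce"
    return "%s route %s next-hop %s community [%s]" % (
        verb, net, DISCARD_NEXT_HOP[net.version], BLACKHOLE_COMMUNITY)


if __name__ == "__main__":
    print(rtbh_command("203.0.113.10/32", "destination"))
    print(rtbh_command("198.51.100.0/24", "source"))
    print(validate_rtbh("203.0.113.0/24", "destination"))
```

Both variants use the same mechanism (a route whose next-hop is discarded); the difference is only whether the router matches on destination (normal forwarding) or on source (loose uRPF), which is why the S/RTBH precondition is checked explicitly.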
to perform filtering on an as-needed basis.
--
Roland Dobbins // <http://www.arbornetworks.com>
s a difference?
------
Roland Dobbins // <http://www.arbornetworks.com>
in the path . . .
------
Roland Dobbins // <http://www.arbornetworks.com>
ccur.
Do *not* perform wholesale blocking of non-initial fragments (i.e., src/dst
port 0), or you will have many unhappy customers and soon-to-be former
customers.
;>
-------
Roland Dobbins
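An added example (not code from the original posts) of why the wholesale-fragment-block advice above matters, and of the GTSM check mentioned in the earlier "belt-and-suspenders" reply: a small IPv4 header parser shows that a non-initial fragment has no L4 header at all (so a port-based ACL sees "port 0"), runs two ACL variants over the two fragments of a large DNS reply, and applies the RFC 5082 TTL test to a BGP segment. Addresses are RFC 5737 documentation space; the ACL model is a deliberate simplification and does not reproduce any vendor's exact fragment-matching semantics.

```python
"""IPv4 header decisions for infrastructure ACLs: non-initial fragments
(which carry no L4 header and show up as "port 0") and GTSM (RFC 5082).

Added example, not code from the original posts.  Addresses are RFC 5737
documentation space.  The ACL model is deliberately simplified and does
NOT reproduce any vendor's exact fragment-matching semantics; check your
platform's documentation before translating it into configuration.
"""
import ipaddress
import struct
from dataclasses import dataclass
from typing import Optional

TCP, UDP = 6, 17
IP_MF = 0x2000                        # "more fragments" bit


def build_ipv4(src, dst, proto, ttl=64, frag_offset=0, mf=False, payload=b""):
    """Assemble a minimal IPv4 packet (constructed test input; checksum 0)."""
    flags_frag = (IP_MF if mf else 0) | (frag_offset // 8)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234,
                      flags_frag, ttl, proto, 0,
                      ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr + payload


def parse_ipv4(pkt):
    """Header fields; sport/dport are None when no L4 header is present."""
    (ver_ihl, _tos, _tlen, _id, flags_frag, ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    offset = (flags_frag & 0x1FFF) * 8
    sport = dport = None
    if offset == 0 and proto in (TCP, UDP) and len(pkt) >= ihl + 4:
        sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return {"src": str(ipaddress.IPv4Address(src)),
            "dst": str(ipaddress.IPv4Address(dst)), "proto": proto,
            "ttl": ttl, "non_initial": offset > 0,
            "mf": bool(flags_frag & IP_MF), "sport": sport, "dport": dport}


@dataclass
class Rule:
    action: str
    proto: Optional[int] = None
    dst: Optional[str] = None         # destination prefix
    sport: Optional[int] = None
    dport: Optional[int] = None
    frags_only: bool = False          # matches non-initial fragments only


def acl_lookup(rules, pkt):
    """First-match lookup with implicit deny.  A rule that names a port can
    never match a non-initial fragment, because there is no port to compare;
    only rules without ports, or with frags_only, can reach it."""
    h = parse_ipv4(pkt)
    for r in rules:
        if r.proto is not None and h["proto"] != r.proto:
            continue
        if r.dst is not None and ipaddress.IPv4Address(h["dst"]) not in ipaddress.IPv4Network(r.dst):
            continue
        if r.frags_only and not h["non_initial"]:
            continue
        if r.sport is not None and h["sport"] != r.sport:
            continue
        if r.dport is not None and h["dport"] != r.dport:
            continue
        return r.action
    return "deny"


RESOLVER = "192.0.2.53/32"
# Wholesale block of non-initial fragments, i.e. what the post warns against.
ACL_WHOLESALE = [Rule("deny", frags_only=True),
                 Rule("permit", UDP, RESOLVER, sport=53)]
# Permit fragments to the hosts that legitimately receive them, then deny.
ACL_SELECTIVE = [Rule("permit", UDP, RESOLVER, frags_only=True),
                 Rule("permit", UDP, RESOLVER, sport=53),
                 Rule("deny", frags_only=True)]


def dns_reply_fragments():
    """A large (DNSSEC-sized) UDP reply to the resolver, split in two."""
    udp_hdr = struct.pack("!HHHH", 53, 40000, 1488, 0)   # only in fragment 1
    first = build_ipv4("198.51.100.7", "192.0.2.53", UDP, mf=True,
                       payload=udp_hdr + b"\x00" * 1000)
    second = build_ipv4("198.51.100.7", "192.0.2.53", UDP, frag_offset=1008,
                        payload=b"\x00" * 480)
    return first, second


def bgp_packet(ttl, peer="192.0.2.1", router="192.0.2.2"):
    """TCP/179 segment from an eBGP peer with the given TTL."""
    return build_ipv4(peer, router, TCP, ttl=ttl, payload=struct.pack("!HH", 40001, 179))


def gtsm_accept(pkt, peer_hops=1):
    """RFC 5082: the peer sends TTL 255, so a packet that really came from a
    peer at most peer_hops away arrives with TTL >= 256 - peer_hops.  A
    spoofed packet injected further away cannot raise its TTL en route."""
    return parse_ipv4(pkt)["ttl"] >= 256 - peer_hops


if __name__ == "__main__":
    first, second = dns_reply_fragments()
    for name, acl in (("wholesale", ACL_WHOLESALE), ("selective", ACL_SELECTIVE)):
        print(name, acl_lookup(acl, first), acl_lookup(acl, second))
    print("gtsm ttl255:", gtsm_accept(bgp_packet(255)), "ttl250:", gtsm_accept(bgp_packet(250)))
```

With the wholesale policy the second fragment of every large reply is dropped and the resolver never reassembles the response; the selective policy still blocks fragments aimed at everything else. The GTSM check is the cheap complement to an infrastructure ACL: a packet claiming to be from a directly connected peer but arriving with a decremented TTL was not sent by that peer.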
ategorical advice, you can't really crowdsource the
architecture, design, deployment, and operations of your network.
;>
------
Roland Dobbins // <http://www.arbornetworks.com>
incomplete (29 bytes?) . . .
----------
Roland Dobbins // <http://www.arbornetworks.com>
use a VPN. Problem
solved.
------
Roland Dobbins // <http://www.arbornetworks.com>
On Aug 26, 2014, at 8:26 PM, Stephen Satchell wrote:
> qotd17/udp quote
No, that's the protocol number - 17 is UDP - not the port number.
------
Roland Dobbins