On 04/30/2013 05:28 PM, Thomas St-Pierre wrote:
The large majority of the servers being used in the attacks are not
open resolvers. Just DNS servers that are authoritative for a few
domains, and the default config of the dns application does referrals
to root for anything else.
It sounds like y
Well,
I was going more for a public list of ISPs that refuse to BCP38 their
networks.
But that's just me =D
On point: (If your corporation is massive enough)
Basically:
. Mirror DST Port 53;
. Write some software to stats who's spamming the same DST IP with
the same quer
On May 1, 2013, at 5:42 PM, Jeff Wheeler wrote:
> The public list of smurf amplifiers turned out to be the only way to really
> deal with it.
It certainly helped; but the real solution was to get Cisco, et al. to disable
directed broadcasts by default.
---
On Tue, Apr 30, 2013 at 8:35 PM, Jared Mauch wrote:
> Please provide advice and insights as well as directing customers to the
> openresolverproject.org website. We want to close these down, if you need an
> accurate list of IPs in your ASN, please email me and I can give you very
> accurate da
On May 1, 2013, at 7:42 AM, Thomas St-Pierre wrote:
> As for BCP38, I would love to stop the spoofed packets, however with them
> coming from our upstreams, (Level3, Cogent, Tata, etc) I don't see how we can.
Contact them on a case-by-case basis to report the spoofed traffic used to
stimulate
NANOG
list <nanog@nanog.org>
Subject: Re: Mitigating DNS amplification attacks
On Tue, Apr 30, 2013 at 5:28 PM, Thomas St-Pierre
<tstpie...@iweb.com> wrote:
On 13-04-30 7:57 PM, "Dobbins, Roland"
<rdobb...@arbor.net> wrote:
>On May 1, 2013, at 6:43 AM
Please look at something like rate limiting.
Please look at preventing these spoofed packets from entering your network and
report the issue.
Please provide advice and insights as well as directing customers to the
openresolverproject.org website. We want to close these down, if you need an
ac
On Tue, Apr 30, 2013 at 5:28 PM, Thomas St-Pierre wrote:
> On 13-04-30 7:57 PM, "Dobbins, Roland" wrote:
> >On May 1, 2013, at 6:43 AM, Thomas St-Pierre wrote:
> >
> >> We've been sending emails to our clients but as the servers are not
> >>managed by us, there's not much we can do at that level
Hi!
On 13-04-30 7:57 PM, "Dobbins, Roland" wrote:
>
>On May 1, 2013, at 6:43 AM, Thomas St-Pierre wrote:
>
>> We've been sending emails to our clients but as the servers are not
>>managed by us, there's not much we can do at that level.
>
>Sure, there is - shut them down if they don't comply.
On May 1, 2013, at 6:43 AM, Thomas St-Pierre wrote:
> We've been sending emails to our clients but as the servers are not managed
> by us, there's not much we can do at that level.
Sure, there is - shut them down if they don't comply. Most ISPs have AUP
verbiage which would apply to a situat