GoDaddy : DoS :: Contact

Mel Beckman mel at beckman.org
Mon Aug 3 13:28:54 UTC 2015


I don’t see how. Blackholing works on destination address — it’s a route to null0. The source address isn’t considered and thus the traffic will still leave GoDaddy. GoDaddy could, I suppose, implement a policy route based on source address, but that’s really no different than an ACL. And it’s not a blackhole.

Anyway, since it's the GoDaddy edge your talking about, GoDaddy can simply disconnect the customer.

 -mel

On Aug 3, 2015, at 6:20 AM, Alistair Mackenzie <magicsata at gmail.com<mailto:magicsata at gmail.com>> wrote:


Source based black holing would work in this case providing it was done at GoDaddy's edge.

On 3 Aug 2015 01:58, "Mel Beckman" <mel at beckman.org<mailto:mel at beckman.org>> wrote:
Blackholing isn't what you want. That will still permit his source IP into your network, and only blackhole replies from your network, so the attack will still consume bandwidth. What you should request is a source IP ACL blocking that address at your upstream' border.

BGP is no help in these situations, unless you use a BGP-based DDoS protection service.

 -mel beckman

On Aug 2, 2015, at 5:17 PM, Jason LeBlanc <jason.leblanc at infusionsoft.com<mailto:jason.leblanc at infusionsoft.com><mailto:jason.leblanc at infusionsoft.com<mailto:jason.leblanc at infusionsoft.com>>> wrote:

Thanks Mel.  You are not being difficult, I meant DoS.  The network I inherited doesn't have BGP yet so I have asked our upstream to blackhole it and I emailed abuse neither have happened yet.  I do block it but that's after it hits our side.

//Jason

From: Mel Beckman <mel at beckman.org<mailto:mel at beckman.org><mailto:mel at beckman.org<mailto:mel at beckman.org>>>
Date: Sunday, August 2, 2015 at 4:20 PM
To: Jason LeBlanc <jason.leblanc at infusionsoft.com<mailto:jason.leblanc at infusionsoft.com><mailto:jason.leblanc at infusionsoft.com<mailto:jason.leblanc at infusionsoft.com>>>
Cc: NANOG <nanog at nanog.org<mailto:nanog at nanog.org><mailto:nanog at nanog.org<mailto:nanog at nanog.org>>>
Subject: Re: GoDaddy : DDoS :: Contact

Not to be difficult, but how can it be a DDoS attack if it's coming from a single IP? Normally you would just block this IP at your borders or ask your upstreams to do so before it consumes your bandwidth. You still want to get GoDaddy to address the problem, of course, but you should do that via their abuse at godaddy.com<mailto:abuse at godaddy.com><mailto:abuse at godaddy.com<mailto:abuse at godaddy.com>> contact, or their abuse page at https://supportcenter.godaddy.com/AbuseReport/Index (submit via the "malware" button).

 -mel

On Aug 2, 2015, at 12:59 PM, Jason LeBlanc <jason.leblanc at infusionsoft.com<mailto:jason.leblanc at infusionsoft.com><mailto:jason.leblanc at infusionsoft.com<mailto:jason.leblanc at infusionsoft.com>>> wrote:

My company is being DDoS'd by a single IP from a GoDaddy customer.

I havent had success with the abuse at godaddy.com<mailto:abuse at godaddy.com><mailto:abuse at godaddy.com<mailto:abuse at godaddy.com>> email.  Was hoping someone
that could help might be watching the list and could contact me off-list.


//Jason





More information about the NANOG mailing list