DDOS solution recommendation

Mike Hammett nanog at ics-il.net
Sun Jan 11 13:46:15 UTC 2015


Well there's going to be two sources of the attack... infested clients or machines set up for this purpose (usually in a datacenter somewhere). Enough people blackhole the attacking IPs, those IPs are eventually going to have a very limited view of the Internet. They may not care if it's a server in a datacenter being used to attack, but an infested home PC would care once they can't get to Google, Facebook, Instagram, whatever.

If the attacker's abuse contact doesn't care, then just brute force of more and more of the Internet being offline to them, they'll figure it out. 

You hit my honeypot IPs, blackholed for 30 days. You do a DNS request to my non-DNS servers, blackholed for 30 days. Same goes for NTP, mail, web, etc. You have more than, say, 5 bad login attempts to my mail server in 5 minutes, blackholed for 30 days. You're trying to access various web pages known for home router or WordPress exploitation, blackholed for 30 days.

No point in letting troublemakers (manual or scripted) spend more time on the network than necessary. The more people (as a collective or not) that do this, the better. 




----- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 



----- Original Message -----

From: "Roland Dobbins" <rdobbins at arbor.net> 
To: nanog at nanog.org 
Sent: Sunday, January 11, 2015 7:24:55 AM 
Subject: Re: DDOS solution recommendation 


On 11 Jan 2015, at 20:07, Mike Hammett wrote: 

> but I'd think that if their network's abuse department was notified, 
> either they'd contact the customer about it issue or at least have on 
> file that they were notified. 

Just because we think something, that doesn't make it true. 

;> 

> The way to stop this stuff is for those millions of end users to clean 
> up their infected PCs. 

You may want to do some reading on this topic in order to gain a better 
understanding of the issues involved: 

<https://app.box.com/s/4h2l6f4m8is6jnwk28cg> 

Some of us have been dealing with DDoS attacks for a couple of decades, 
now. If it were a simple problem, we would've solved it long ago. 

Here's a hint: scale alone makes any problem literally orders of 
magnitude more difficult than any given instance thereof. 

----------------------------------- 
Roland Dobbins <rdobbins at arbor.net> 
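
Added example, not code from either poster: a sketch of three of the blackhole rules listed at the top of this message (honeypot hit, DNS query to a non-DNS server, more than 5 bad logins in 5 minutes), each with a 30-day expiry. The log line format, the addresses (documentation ranges) and every name in the code are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

BLACKHOLE_TTL = timedelta(days=30)    # "blackholed for 30 days"
LOGIN_WINDOW = timedelta(minutes=5)   # "in 5 minutes"
MAX_BAD_LOGINS = 5                    # more than 5 failures trips the rule
HONEYPOT_IPS = {"192.0.2.10"}         # assumed honeypot address
NON_DNS_SERVERS = {"192.0.2.25"}      # assumed mail server that offers no DNS

class Blackholer:
    def __init__(self):
        self.fails = defaultdict(deque)   # src -> timestamps of recent failed logins
        self.expiry = {}                  # src -> (time the blackhole lapses, reason)

    def observe(self, line):
        """Parse one 'ts src=.. dst=.. event=..' line; return the rule that fired, if any."""
        ts_text, *pairs = line.split()
        ts = datetime.fromisoformat(ts_text)
        f = dict(p.split("=", 1) for p in pairs)
        src, dst, event = f["src"], f["dst"], f["event"]
        reason = None
        if dst in HONEYPOT_IPS:
            reason = "honeypot"
        elif event == "dns_query" and dst in NON_DNS_SERVERS:
            reason = "dns-to-non-dns"
        elif event == "login_fail":
            q = self.fails[src]
            q.append(ts)
            while q[0] <= ts - LOGIN_WINDOW:   # drop failures outside the window
                q.popleft()
            if len(q) > MAX_BAD_LOGINS:
                reason = "bad-logins"
        if reason:
            self.expiry[src] = (ts + BLACKHOLE_TTL, reason)
        return reason

    def active(self, now):
        # Sources still blackholed at 'now'; entries past 30 days have lapsed.
        return {s for s, (until, _) in self.expiry.items() if now < until}

# Constructed sample log, not real traffic.
SAMPLE_LOG = [
    "2015-01-11T13:00:00 src=198.51.100.7 dst=192.0.2.10 event=connect",
    "2015-01-11T13:00:05 src=203.0.113.9 dst=192.0.2.25 event=dns_query",
    *[f"2015-01-11T13:01:{s:02d} src=203.0.113.50 dst=192.0.2.25 event=login_fail"
      for s in range(0, 60, 10)],        # 6 failures in 50 seconds
    "2015-01-11T13:02:00 src=203.0.113.77 dst=192.0.2.25 event=login_fail",
    "2015-01-11T13:12:00 src=203.0.113.77 dst=192.0.2.25 event=login_fail",
]

def run(log):
    b = Blackholer()
    return b, [(l.split()[1][4:], r) for l in log if (r := b.observe(l))]
```

Source addresses on UDP services such as DNS and NTP can be spoofed, so a single-packet rule like the second one can end up blackholing a third party whose address was forged.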



