Getting hit hard by CHINANET
Eric Rogers
ecrogers at precisionds.com
Wed Mar 18 12:32:22 UTC 2015
We are using Mikrotik for a BGP blackhole server that collects BOGONs
from CYMRU and we also have our servers (web, email, etc.) use fail2ban
to add a bad IP to the Mikrotik. We then use BGP on all our core
routers to null route those IPs.
The ban-time is for a few days, and totally dynamic, so it isn't a
permanent ban. Seems to have cut down on the attempts considerably.
Eric Rogers
PDSConnect
www.pdsconnect.me
(317) 831-3000 x200
-----Original Message-----
From: NANOG [mailto:nanog-bounces at nanog.org] On Behalf Of Roland Dobbins
Sent: Wednesday, March 18, 2015 6:04 AM
To: nanog at nanog.org
Subject: Re: Getting hit hard by CHINANET
On 18 Mar 2015, at 17:00, Roland Dobbins wrote:
> This is not an optimal approach, and most providers are unlikely to
> engage in such behavior due to its potential negative impact (I'm
> assuming you mean via S/RTBH and/or flowspec).
Here's one counterexample:
<https://ripe68.ripe.net/presentations/176-RIPE68_JSnijders_DDoS_Damage_
Control.pdf>
-----------------------------------
Roland Dobbins <rdobbins at arbor.net>
More information about the NANOG
mailing list