Krebs on Security booted off Akamai network after DDoS attack proves pricey
Ca By
cb.list6 at gmail.com
Sun Sep 25 14:36:18 UTC 2016
On Sunday, September 25, 2016, Jay Farrell via NANOG <nanog at nanog.org>
wrote:
> And of course Brian Krebs has a thing or two to say, not the least is which
> to push for BCP38 (good luck with that, right?).
>
> https://krebsonsecurity.com/2016/09/the-democratization-of-censorship/
>
>
Yeh, bcp38 is not a viable solution.
As long as their is one spoof capable network on the net, the problem will
not be solved. While bcp38 is a true bcp, it is not a solution. It will
not, and has not, moved the needle.
A solution is aggregating the telemetry of source IP addresses in the
botnet and assigning blame and liability to the owners of the IP addresses
/ host ASN.
The networks can then use AUP to shutdown the bot members.
As where http://openntpproject.org/ was a proactive approach, Kreb's data
can be reactive approach. And since the data is evidence of a crime, the
network operators can enforce the AUP. The attack did happen. This ip was
involved. Remediation is required.
>From there, the host ASN can
> On Sun, Sep 25, 2016 at 12:43 AM, Jay R. Ashworth <jra at baylink.com
> <javascript:;>> wrote:
>
> > ----- Original Message -----
> > > From: "Jay Farrell via NANOG" <nanog at nanog.org <javascript:;>>
> >
> > > And of course on windows ipconfig /flushdns
> > >
> > > Still I had to wait for my corporate caching servers to update; I think
> > the
> > > TTL on the old A record was an hour.
> >
> > Are big eyeball networks still flooring A record TTLs on resolution?
> >
> > Cheers,
> > -- jra
> > --
> > Jay R. Ashworth Baylink
> > jra at baylink.com <javascript:;>
> > Designer The Things I Think RFC
> > 2100
> > Ashworth & Associates http://www.bcp38.info 2000 Land
> > Rover DII
> > St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647
> > 1274
> >
>
More information about the NANOG
mailing list