Best way to get foreign ISPs to shut down DDoS reflectors?

Fri Apr 24 00:11:30 UTC 2020

Bottiger,

If what you are saying is true and can be backed by documentation, I would
start at the abuse contact for the offending 'Amplifier' and then start
working your way up the transits of the offending AS# until someone cuts
them off.
The Squeaky wheel gets the grease!

On Thu, Apr 23, 2020 at 3:33 PM Bottiger <bottiger10 at gmail.com> wrote:

> There are many decent options for ddos protection in the US and Europe,
> however there are very few in Brazil and Asia that support BGP. Servers and
> bandwidth in these areas are much more expensive.
>
> Even though we are already doing anycast to split up the ddos attack, a
> majority of the attack traffic is now ending up in these expensive areas,
> and to top it off, these ISPs won't respond to abuse emails.
>
> It makes me wonder what the point of these abuse email are and if the
> regional registries have any power to force them to reply.
>
> On Thu, Apr 23, 2020 at 3:12 PM Compton, Rich A <Rich.Compton at charter.com>
> wrote:
>
>> Good luck with that.  😊  As Damian Menscher has presented at NANOG,
>> even if we do an amazing job and shut down 99% of all DDoS reflectors,
>> there will still be enough bandwidth to generate terabit size attacks.
>> https://stats.cybergreen.net
>>
>> I think we need to instead collectively focus on stopping the spoofed
>> traffic that allows these attacks to be generated in the first place.
>>
>> -Rich
>>
>>
>>
>> *From: *NANOG Email List <nanog-bounces at nanog.org> on behalf of Bottiger
>> <bottiger10 at gmail.com>
>> *Date: *Thursday, April 23, 2020 at 3:32 PM
>> *To: *Siyuan Miao <aveline at misaka.io>
>> *Cc: *NANOG list <nanog at nanog.org>
>> *Subject: *Re: Best way to get foreign ISPs to shut down DDoS reflectors?
>>
>>
>>
>> We are unable to upgrade our bandwidth in those areas. There are no
>> providers within our budget there at the moment. Surely there must be some
>> way to get them to respond.
>>
>>
>>
>> On Thu, Apr 23, 2020 at 2:23 PM Siyuan Miao <aveline at misaka.io> wrote:
>>
>> It won't work.
>>
>>
>>
>> Get a good DDoS protection and forget about it.
>>
>>
>>
>> On Fri, Apr 24, 2020 at 5:17 AM Bottiger <bottiger10 at gmail.com> wrote:
>>
>> Is there a guide on how to get foreign ISPs to shut down reflectors used
>> in DDoS attacks?
>>
>>
>>
>> I've tried sending emails listed under abuse contacts for their regional
>> registries. Either there is none listed, the email is full, email does not
>> exist, or they do not reply. Same results when sending to whatever other
>> email they have listed.
>>
>>
>>
>> Example Networks:
>>
>>
>>
>> CLARO S.A.
>>
>> Telefonica
>>
>> China Telecom
>>
>> Korea Telecom
>>
>> The contents of this e-mail message and
>> any attachments are intended solely for the
>> addressee(s) and may contain confidential
>> and/or legally privileged information. If you
>> are not the intended recipient of this message
>> or if this message has been addressed to you
>> in error, please immediately alert the sender
>> by reply e-mail and then delete this message
>> and any attachments. If you are not the
>> intended recipient, you are notified that
>> any use, dissemination, distribution, copying,
>> or storage of this message or any attachment
>> is strictly prohibited.
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20200423/7049b717/attachment.html>