Are we really this helpless? (Re: isprime DOS in progress)

Jeffrey Lyon jeffrey.lyon at blacklotus.net
Fri Jan 23 20:13:33 CST 2009


I respectfully disagree. Network engineers have to keep up with many
tasks and preventing DoS/DDoS should be the responsibility of
everyone. I see more folks worried about spam than they are actual
security.

My two cents.

-- 
Jeffrey Lyon, Leadership Team
jeffrey.lyon at blacklotus.net | http://www.blacklotus.net
Black Lotus Communications of The IRC Company, Inc.

Look for us at HostingCon 2009 in Washington, DC on August 10th - 12th
at Booth #401.



On Fri, Jan 23, 2009 at 9:05 PM, Seth Mattinen <sethm at rollernet.us> wrote:
> Noel Butler wrote:
>>
>> On Sat, 2009-01-24 at 07:21, Chris McDonald wrote:
>>
>>> We [AS3491] null0'd the IP earlier.  Rest-of-world encouraged to do the
>>> same :/
>>>
>>
>>
>>
>> Wrong approach, they are *innocent* in this as are the new targets.
>>
>> insert into your favourite acl:
>> deny udp host 66.230.160.1 neq 53 any eq 53
>> deny udp host 66.230.128.15 neq 53 any eq 53
>>
>> But it's much less work to add a filter on the name server as others
>> have mentioned.
>>
>>
>
>
> Having the world trying to keep up with ACL entries seems futile. Is there
> really nothing to be done about this? (Yes, I know, BCP38, but obviously the
> accomplice providers don't care.)
>
> ~Seth
>
>




More information about the NANOG mailing list