Getting hit hard by CHINANET

Colin Johnston colinj at gt86car.org.uk
Wed Mar 18 09:55:15 UTC 2015


would be interested to know of providers using bgp to auto block ranges from china

colin

Sent from my iPhone

> On 18 Mar 2015, at 09:49, "Roland Dobbins" <rdobbins at arbor.net> wrote:
> 
> 
>> On 18 Mar 2015, at 13:32, Mark Tinka wrote:
>> 
>> That's one of two issues - if the sources are overwhelming how does one scale that up without the use of some scrubbing service? Writing data plane filters that are customer-specific works (assuming you have the hardware for it), but can get unwieldy.
> 
> Some operators have specialized DDoS mitigation capabilities.  Others rely exclusively on basic network infrastructure-based mechanisms like D/RTBH, S/RTBH, and/or flowspec.
> 
>> The other issues are the chance to boo-boo things when filtering a customer-facing port, and/or forgetting to remove filters after they are needed and customer (or the remote end) ends up having reachability issues.
> 
> Sure.  But this doesn't obviate the fact that cooperative DDoS mitigation amongst network operators routinely takes place on the Internet today, and is increasingly made available in one form or another to end-customers who request same.
> 
> -----------------------------------
> Roland Dobbins <rdobbins at arbor.net>


More information about the NANOG mailing list