Getting hit hard by CHINANET

Eric Rogers ecrogers at precisionds.com
Wed Mar 18 12:32:22 UTC 2015


We are using Mikrotik for a BGP blackhole server that collects BOGONs
from CYMRU and we also have our servers (web, email, etc.) use fail2ban
to add a bad IP to the Mikrotik.  We then use BGP on all our core
routers to null route those IPs.

The ban-time is for a few days, and totally dynamic, so it isn't a
permanent ban.  Seems to have cut down on the attempts considerably.

Eric Rogers
PDSConnect
www.pdsconnect.me
(317) 831-3000 x200


-----Original Message-----
From: NANOG [mailto:nanog-bounces at nanog.org] On Behalf Of Roland Dobbins
Sent: Wednesday, March 18, 2015 6:04 AM
To: nanog at nanog.org
Subject: Re: Getting hit hard by CHINANET


On 18 Mar 2015, at 17:00, Roland Dobbins wrote:

> This is not an optimal approach, and most providers are unlikely to 
> engage in such behavior due to its potential negative impact (I'm 
> assuming you mean via S/RTBH and/or flowspec).

Here's one counterexample:

<https://ripe68.ripe.net/presentations/176-RIPE68_JSnijders_DDoS_Damage_
Control.pdf>

-----------------------------------
Roland Dobbins <rdobbins at arbor.net>


More information about the NANOG mailing list