DDOS attack -and- related conversations

Mike Hammett nanog at
Wed Aug 3 15:11:02 UTC 2016

Stopping one vector that makes up the largest of DDoSes certainly isn't a bad thing. 

Mike Hammett 
Intelligent Computing Solutions 


----- Original Message -----

From: "James Bensley" <jwbensley at> 
To: nanog at 
Sent: Wednesday, August 3, 2016 9:40:17 AM 
Subject: Re: DDOS attack -and- related conversations 

On 3 August 2016 at 15:16, Alain Hebert <ahebert at> wrote: 
> PS: 
> I will like to take this time to underline the lack of 
> participation from a vast majority of ISPs into BCP38 and the like. We 
> need to keep educating them at every occasion we have. 
> For those that actually implemented some sort of tech against 
> it, you are a beacon of hope in what is a ridiculous situation that has 
> been happening for more than 15 years. 

At the risk of starting a "NANOG war" [1], BCP isn't a magic wand. 

If I find a zero day in the nasty customised kernels that OVH run on 
their clients boxes, I only need 300 compromised hosts to send 300Gbps 
of traffic without spoofing the IP or using amplification attacks [2]. 

I can rent a server with a 10Gbps connection for 1 hour for a few 
quid/dollars. I could generate hundreds of Gbps of traffic for about 
£1000 from legitimate IPs, paid for with stolen card details. How will 
BCP save you then? Can everyone stop praising it like it was a some 
magic bullet? 


[1] A pathetic and futile one, so different from the rest. 

[2] Subsitute OVH for any half decent provider that isn't really oversubscribed. 

More information about the NANOG mailing list