Death of the Internet, Film at 11

Mike Hammett nanog at ics-il.net
Sat Oct 22 15:08:48 UTC 2016


Not trolling in the least. I'm genuinely trying my best to help the greater community. 

Agreed on ShadowServer. I get their reports and I recommend others do the same. 

Oh, okay, I responded to someone that said: 

===== 
Every network operator who can do so, please raise your hand if you have
*recently* scanned your own network and if you can -honestly- attest
that you have taken all necessary steps to insure that none of the
numerous specific types of CCTV thingies that Krebs and others identified
weeks or months ago as being fundamentally insecure can emit a single
packet out onto the public Internet.
===== 

That's the direction I was heading. How can I as a network operator seek out and eliminate the sources of these attacks? 




----- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 

Midwest-IX 
http://www.midwest-ix.com 

----- Original Message -----

From: "Brandon Butterworth" <brandon at rd.bbc.co.uk> 
To: nanog at ics-il.net 
Cc: nanog at nanog.org 
Sent: Saturday, October 22, 2016 10:02:42 AM 
Subject: Re: Death of the Internet, Film at 11 

> From nanog-bounces at nanog.org Sat Oct 22 15:51:34 2016 
> If they are easy to trace, then it should be easy for you to 
> tell me how to find them on my network. 

Not sure if you're trolling now, apologies if what I wrote 
wasn't clear. 

If you did want to find them before they attack then you could 
scan for them, the miscreants already did and easily found them. 

For some attack vectors there are services that are doing it 
for you, see the excellent 
https://www.shadowserver.org/wiki/pmwiki.php/Involve/GetReportsOnYourNetwork 

> The addresses being known to them doesn't help me at all clean 
> up my network or help other networks clean up theirs. 

Did you read my whole mail? The suggestion is people who get attacked
tell the ISPs of the devices doing the attacking.

> It would be rather difficult for me (and I'm sure many other operators) 
> to distinguish normal Dyn traffic from DDoS Dyn traffic. 

I was not suggesting you try and guess, I was suggesting you be given 
data from actual attacks. 

brandon 



