Best way to get foreign ISPs to shut down DDoS reflectors?

Bottiger bottiger10 at gmail.com
Thu Apr 23 22:33:35 UTC 2020


There are many decent options for ddos protection in the US and Europe,
however there are very few in Brazil and Asia that support BGP. Servers and
bandwidth in these areas are much more expensive.

Even though we are already doing anycast to split up the ddos attack, a
majority of the attack traffic is now ending up in these expensive areas,
and to top it off, these ISPs won't respond to abuse emails.

It makes me wonder what the point of these abuse email are and if the
regional registries have any power to force them to reply.

On Thu, Apr 23, 2020 at 3:12 PM Compton, Rich A <Rich.Compton at charter.com>
wrote:

> Good luck with that.  😊  As Damian Menscher has presented at NANOG, even
> if we do an amazing job and shut down 99% of all DDoS reflectors, there
> will still be enough bandwidth to generate terabit size attacks.
> https://stats.cybergreen.net
>
> I think we need to instead collectively focus on stopping the spoofed
> traffic that allows these attacks to be generated in the first place.
>
> -Rich
>
>
>
> *From: *NANOG Email List <nanog-bounces at nanog.org> on behalf of Bottiger <
> bottiger10 at gmail.com>
> *Date: *Thursday, April 23, 2020 at 3:32 PM
> *To: *Siyuan Miao <aveline at misaka.io>
> *Cc: *NANOG list <nanog at nanog.org>
> *Subject: *Re: Best way to get foreign ISPs to shut down DDoS reflectors?
>
>
>
> We are unable to upgrade our bandwidth in those areas. There are no
> providers within our budget there at the moment. Surely there must be some
> way to get them to respond.
>
>
>
> On Thu, Apr 23, 2020 at 2:23 PM Siyuan Miao <aveline at misaka.io> wrote:
>
> It won't work.
>
>
>
> Get a good DDoS protection and forget about it.
>
>
>
> On Fri, Apr 24, 2020 at 5:17 AM Bottiger <bottiger10 at gmail.com> wrote:
>
> Is there a guide on how to get foreign ISPs to shut down reflectors used
> in DDoS attacks?
>
>
>
> I've tried sending emails listed under abuse contacts for their regional
> registries. Either there is none listed, the email is full, email does not
> exist, or they do not reply. Same results when sending to whatever other
> email they have listed.
>
>
>
> Example Networks:
>
>
>
> CLARO S.A.
>
> Telefonica
>
> China Telecom
>
> Korea Telecom
>
> The contents of this e-mail message and
> any attachments are intended solely for the
> addressee(s) and may contain confidential
> and/or legally privileged information. If you
> are not the intended recipient of this message
> or if this message has been addressed to you
> in error, please immediately alert the sender
> by reply e-mail and then delete this message
> and any attachments. If you are not the
> intended recipient, you are notified that
> any use, dissemination, distribution, copying,
> or storage of this message or any attachment
> is strictly prohibited.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20200423/e8501bee/attachment.html>


More information about the NANOG mailing list