Best way to get foreign ISPs to shut down DDoS reflectors?

Fri Apr 24 21:39:07 UTC 2020

I highly doubt NTT or any other major transit provider would ever cut off
Korea Telecom or China Telecom. And these are reflectors, they are not part
of a botnet.

On Thu, Apr 23, 2020 at 5:11 PM TJ Trout <tj at pcguys.us> wrote:

> Bottiger,
>
> If what you are saying is true and can be backed by documentation, I would
> start at the abuse contact for the offending 'Amplifier' and then start
> working your way up the transits of the offending AS# until someone cuts
> them off.
> The Squeaky wheel gets the grease!
>
> On Thu, Apr 23, 2020 at 3:33 PM Bottiger <bottiger10 at gmail.com> wrote:
>
>> There are many decent options for ddos protection in the US and Europe,
>> however there are very few in Brazil and Asia that support BGP. Servers and
>> bandwidth in these areas are much more expensive.
>>
>> Even though we are already doing anycast to split up the ddos attack, a
>> majority of the attack traffic is now ending up in these expensive areas,
>> and to top it off, these ISPs won't respond to abuse emails.
>>
>> It makes me wonder what the point of these abuse email are and if the
>> regional registries have any power to force them to reply.
>>
>> On Thu, Apr 23, 2020 at 3:12 PM Compton, Rich A <Rich.Compton at charter.com>
>> wrote:
>>
>>> Good luck with that.  😊  As Damian Menscher has presented at NANOG,
>>> even if we do an amazing job and shut down 99% of all DDoS reflectors,
>>> there will still be enough bandwidth to generate terabit size attacks.
>>> https://stats.cybergreen.net
>>>
>>> I think we need to instead collectively focus on stopping the spoofed
>>> traffic that allows these attacks to be generated in the first place.
>>>
>>> -Rich
>>>
>>>
>>>
>>> *From: *NANOG Email List <nanog-bounces at nanog.org> on behalf of
>>> Bottiger <bottiger10 at gmail.com>
>>> *Date: *Thursday, April 23, 2020 at 3:32 PM
>>> *To: *Siyuan Miao <aveline at misaka.io>
>>> *Cc: *NANOG list <nanog at nanog.org>
>>> *Subject: *Re: Best way to get foreign ISPs to shut down DDoS
>>> reflectors?
>>>
>>>
>>>
>>> We are unable to upgrade our bandwidth in those areas. There are no
>>> providers within our budget there at the moment. Surely there must be some
>>> way to get them to respond.
>>>
>>>
>>>
>>> On Thu, Apr 23, 2020 at 2:23 PM Siyuan Miao <aveline at misaka.io> wrote:
>>>
>>> It won't work.
>>>
>>>
>>>
>>> Get a good DDoS protection and forget about it.
>>>
>>>
>>>
>>> On Fri, Apr 24, 2020 at 5:17 AM Bottiger <bottiger10 at gmail.com> wrote:
>>>
>>> Is there a guide on how to get foreign ISPs to shut down reflectors used
>>> in DDoS attacks?
>>>
>>>
>>>
>>> I've tried sending emails listed under abuse contacts for their regional
>>> registries. Either there is none listed, the email is full, email does not
>>> exist, or they do not reply. Same results when sending to whatever other
>>> email they have listed.
>>>
>>>
>>>
>>> Example Networks:
>>>
>>>
>>>
>>> CLARO S.A.
>>>
>>> Telefonica
>>>
>>> China Telecom
>>>
>>> Korea Telecom
>>>
>>> The contents of this e-mail message and
>>> any attachments are intended solely for the
>>> addressee(s) and may contain confidential
>>> and/or legally privileged information. If you
>>> are not the intended recipient of this message
>>> or if this message has been addressed to you
>>> in error, please immediately alert the sender
>>> by reply e-mail and then delete this message
>>> and any attachments. If you are not the
>>> intended recipient, you are notified that
>>> any use, dissemination, distribution, copying,
>>> or storage of this message or any attachment
>>> is strictly prohibited.
>>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20200424/f31d021d/attachment.html>