Re: Are we really this helpless? (Re: isprime DOS in progress)

Lorell, On Jan 25, 2009, at 5:27 PM, Lorell Hathcock wrote: Every time I see a post like the one below on this list, I can't help but feel like big brother has infiltrated the list. Someone stating the obvious implications of the lack of the Internet operations community to address a known

RE: Are we really this helpless? (Re: isprime DOS in progress)

January 23, 2009 11:06 PM To: Danny McPherson Cc: NANOG list Subject: Re: Are we really this helpless? (Re: isprime DOS in progress) On Jan 23, 2009, at 8:53 PM, Danny McPherson wrote: > You missed one.. Step 4: enable BCP 38 or similar > ingress source address spoofing mitigation mechanism &

Re: Are we really this helpless? (Re: isprime DOS in progress)

-original message- Subject: Re: Are we really this helpless? (Re: isprime DOS in progress) From: Michael Dillon Date: 25/01/2009 10:16 pm > > I think each point above is true -- BCP38 is indeed a technique, but > failure to universally implement it defaults to (almost) a trage

Re: Are we really this helpless? (Re: isprime DOS in progress)

> > I think each point above is true -- BCP38 is indeed a technique, but > failure to universally implement it defaults to (almost) a tragedy of the > commons. > > After ~10 years, it is surreal to me that we, as a community, are still > grappling with issues where it could be beneficial for the In

Re: Are we really this helpless? (Re: isprime DOS in progress)

Jon Kibler wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 valdis.kletni...@vt.edu wrote: Well, we *could* hunt down the perpetrators, pool some $$, and hire 3 or 4 baseball-bat wielding professional explainers to go explain our position to them. Figuring out how to do so without brea

Re: Are we really this helpless? (Re: isprime DOS in progress)

valdis.kletni...@vt.edu wrote: On Fri, 23 Jan 2009 18:33:14 PST, Seth Mattinen said: Back to my original question: is there really not a better solution? Well, we *could* hunt down the perpetrators, pool some $$, and hire 3 or 4 baseball-bat wielding professional explainers to go expl

Re: Are we really this helpless? (Re: isprime DOS in progress)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Sat, Jan 24, 2009 at 6:05 PM, Mark Andrews wrote: >> BCP 38 isn't a license, it's a technique. > >There are plenty of cases in common law where as a owner >of something and you havn't taken reasonable steps to protect >or p

Re: Are we really this helpless? (Re: isprime DOS in progress)

In message , Marti n Hannigan writes: > On Sat, Jan 24, 2009 at 8:01 PM, Mark Andrews wrote: > > > > > In message <8c5f1fec-ff51-4ba2-a762-c13bc275e...@virtualized.org>, David > > Conrad writes: > > > It would seem that as ISPs implement DPI and protocol-specific traffic > > > shaping, they dama

Re: Are we really this helpless? (Re: isprime DOS in progress)

On Sat, Jan 24, 2009 at 8:01 PM, Mark Andrews wrote: > > In message <8c5f1fec-ff51-4ba2-a762-c13bc275e...@virtualized.org>, David > Conrad writes: > > It would seem that as ISPs implement DPI and protocol-specific traffic > > shaping, they damage the arguments that they can make claiming they > >

Re: Are we really this helpless? (Re: isprime DOS in progress)

In message <8c5f1fec-ff51-4ba2-a762-c13bc275e...@virtualized.org>, David Conrad writes: > It would seem that as ISPs implement DPI and protocol-specific traffic > shaping, they damage the arguments that they can make claiming they > have "common carrier" status with the inherent immunities th

Re: Are we really this helpless? (Re: isprime DOS in progress)

Jack, On Jan 23, 2009, at 9:34 PM, Jack Bates wrote: David Conrad wrote: Sad fact is that there are zillions of excuses. Unfortunately I suspect the only way we're going to make any progress on this will be for laws to be passed (or lawsuits to be filed) that impose a financial penalty on

Re: Are we really this helpless? (Re: isprime DOS in progress)

> > > But if they were in eastern Europe or Russia, wouldn't that solution be > considered standard business practice and thus be legal? > Assuming that you really believe such an outrageous statement, I went to to search for stories about people being arr

Re: Are we really this helpless? (Re: isprime DOS in progress)

J.D. Falk wrote: Seth Mattinen wrote: Jeffrey Lyon wrote: I respectfully disagree. Network engineers have to keep up with many tasks and preventing DoS/DDoS should be the responsibility of everyone. I see more folks worried about spam than they are actual security. Back to my original questi

Re: Are we really this helpless? (Re: isprime DOS in progress)

Seth Mattinen wrote: Jeffrey Lyon wrote: I respectfully disagree. Network engineers have to keep up with many tasks and preventing DoS/DDoS should be the responsibility of everyone. I see more folks worried about spam than they are actual security. Back to my original question: is there reall

Re: Are we really this helpless? (Re: isprime DOS in progress)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 valdis.kletni...@vt.edu wrote: > Well, we *could* hunt down the perpetrators, pool some $$, and hire 3 or 4 > baseball-bat wielding professional explainers to go explain our position to > them. Figuring out how to do so without breaking any laws is t

Re: Are we really this helpless? (Re: isprime DOS in progress)

On Jan 24, 2009, at 1:34 PM, Jack Bates wrote: Now I have fun trying to explain towards upstream management why a good security team and policy is important in anyone we purchase transit from. Apart from commercial DDoS mitigation services, how many folks have SLAs which specify DoS-rela

Re: Are we really this helpless? (Re: isprime DOS in progress)

David Conrad wrote: Sad fact is that there are zillions of excuses. Unfortunately I suspect the only way we're going to make any progress on this will be for laws to be passed (or lawsuits to be filed) that impose a financial penalty on ISPs through which these attacks propagate. Careful wha

Re: Are we really this helpless? (Re: isprime DOS in progress)

On Jan 23, 2009, at 10:06 PM, David Conrad wrote: Sad fact is that there are zillions of excuses. Unfortunately I suspect the only way we're going to make any progress on this will be for laws to be passed (or lawsuits to be filed) that impose a financial penalty on ISPs through which t

Re: Are we really this helpless? (Re: isprime DOS in progress)

On Jan 23, 2009, at 8:53 PM, Danny McPherson wrote: You missed one.. Step 4: enable BCP 38 or similar ingress source address spoofing mitigation mechanism on all customer ingress interfaces ... No more excuses, people.. Sad fact is that there are zillions of excuses. Unfortunately I suspect

Re: Are we really this helpless? (Re: isprime DOS in progress)

On Jan 23, 2009, at 9:10 PM, Christopher Morrow wrote: On Fri, Jan 23, 2009 at 10:31 PM, wrote: On Fri, 23 Jan 2009 18:33:14 PST, Seth Mattinen said: Back to my original question: is there really not a better solution? Well, we *could* hunt down the perpetrators, pool some $$, and hire

Re: Are we really this helpless? (Re: isprime DOS in progress)

On Fri, Jan 23, 2009 at 10:31 PM, wrote: > On Fri, 23 Jan 2009 18:33:14 PST, Seth Mattinen said: > >> Back to my original question: is there really not a better solution? > > Well, we *could* hunt down the perpetrators, pool some $$, and hire 3 or 4 > baseball-bat wielding professional explainers

RE: Are we really this helpless? (Re: isprime DOS in progress)

SPrime" traffic, so I'm just as guilty as anyone. Frank -Original Message- From: Seth Mattinen [mailto:se...@rollernet.us] Sent: Friday, January 23, 2009 8:06 PM To: nanog@nanog.org Subject: Are we really this helpless? (Re: isprime DOS in progress) Noel Butler wrote: >

Re: Are we really this helpless? (Re: isprime DOS in progress)

On Jan 23, 2009, at 10:31 PM, valdis.kletni...@vt.edu wrote: On Fri, 23 Jan 2009 18:33:14 PST, Seth Mattinen said: Back to my original question: is there really not a better solution? Well, we *could* hunt down the perpetrators, pool some $$, and hire 3 or 4 baseball-bat wielding professi

Re: Are we really this helpless? (Re: isprime DOS in progress)

On 1/23/09, Seth Mattinen wrote: > > Jeffrey Lyon wrote: > >> I respectfully disagree. Network engineers have to keep up with many >> tasks and preventing DoS/DDoS should be the responsibility of >> everyone. I see more folks worried about spam than they are actual >> security. >> >> > Back to my

Re: Are we really this helpless? (Re: isprime DOS in progress)

On Fri, 23 Jan 2009 18:33:14 PST, Seth Mattinen said: > Back to my original question: is there really not a better solution? Well, we *could* hunt down the perpetrators, pool some $$, and hire 3 or 4 baseball-bat wielding professional explainers to go explain our position to them. Figuring out h

Re: Are we really this helpless? (Re: isprime DOS in progress)

Jeffrey Lyon wrote: I respectfully disagree. Network engineers have to keep up with many tasks and preventing DoS/DDoS should be the responsibility of everyone. I see more folks worried about spam than they are actual security. Back to my original question: is there really not a better solutio

Re: Are we really this helpless? (Re: isprime DOS in progress)

On Fri, 23 Jan 2009, Jeffrey Lyon wrote: I respectfully disagree. Network engineers have to keep up with many tasks and preventing DoS/DDoS should be the responsibility of everyone. I see more folks worried about spam than they are actual security. Because non of us wantsto spend the next two d

Re: Are we really this helpless? (Re: isprime DOS in progress)

I respectfully disagree. Network engineers have to keep up with many tasks and preventing DoS/DDoS should be the responsibility of everyone. I see more folks worried about spam than they are actual security. My two cents. -- Jeffrey Lyon, Leadership Team jeffrey.l...@blacklotus.net | http://www.

Are we really this helpless? (Re: isprime DOS in progress)

Noel Butler wrote: On Sat, 2009-01-24 at 07:21, Chris McDonald wrote: We [AS3491] null0'd the IP earlier. Rest-of-world encouraged to do the same :/ Wrong approach, they are *innocent* in this as are the new targets. insert into your favourite acl: deny udp host 66.230.160.1 neq 53 any e