Re: GoDaddy : DoS :: Contact

2015-08-03 Thread Jason LeBlanc
...@infusionsoft.com Cc: NANOG nanog@nanog.org Subject: Re: GoDaddy : DoS :: Contact Blackholing isn't what you want. That will still permit his source IP into your network, and only blackhole replies from your network, so the attack will still consume bandwidth. What you

Re: GoDaddy : DoS :: Contact

2015-08-03 Thread Alistair Mackenzie
Source based black holing would work in this case providing it was done at GoDaddy's edge. On 3 Aug 2015 01:58, Mel Beckman m...@beckman.org wrote: Blackholing isn't what you want. That will still permit his source IP into your network, and only blackhole replies from your network, so the

Re: GoDaddy : DoS :: Contact

2015-08-03 Thread Roland Dobbins
On 3 Aug 2015, at 20:28, Mel Beckman wrote: Blackholing works on destination address — it’s a route to null0. https://tools.ietf.org/html/rfc5635 --- Roland Dobbins rdobb...@arbor.net

Re: GoDaddy : DoS :: Contact

2015-08-03 Thread Mel Beckman
I don’t see how. Blackholing works on destination address — it’s a route to null0. The source address isn’t considered and thus the traffic will still leave GoDaddy. GoDaddy could, I suppose, implement a policy route based on source address, but that’s really no different than an ACL. And it’s

Re: GoDaddy : DoS :: Contact

2015-08-03 Thread Roland Dobbins
On 3 Aug 2015, at 20:46, Mel Beckman wrote: 1. From the RFC itself, you by definition sacrifice the victims address: 3.1. ...While this does complete the attack in that the target address(es) are made unreachable, collateral damage is minimized. It may also be possible to move the host or

Re: GoDaddy : DoS :: Contact

2015-08-03 Thread Roland Dobbins
On 3 Aug 2015, at 7:56, Mel Beckman wrote: BGP is no help in these situations, unless you use a BGP-based DDoS protection service. Anyone can set up S/RTBH on their transit-/peering-edge routers, even if they aren't using BGP for routing. Likewise flowspec, on routers which support it.

Re: GoDaddy : DoS :: Contact

2015-08-03 Thread Mel Beckman
There are two problems with Source-Based Remote Triggered Black Hole (S/RTBH): 1. From the RFC itself, you by definition sacrifice the victims address: 3.1. ...While this does complete the attack in that the target address(es) are made unreachable, collateral damage is minimized. It may
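The thread contrasts three edge-router responses: a destination-based RTBH route, S/RTBH, and a plain source ACL. The following is an added Python model of those three checks as RFC 5635 describes them (a Null0 route matched on the destination; a Null0 route for the source enforced by loose-mode uRPF; an ingress ACL on the source). It is not code from any poster. The addresses, prefixes, next-hop names and the three sample packets are constructed, and the model deliberately ignores implementation details such as how a default route interacts with loose uRPF.

```python
"""Toy forwarding-plane model of the RFC 5635 mitigations (constructed example)."""
import ipaddress
from dataclasses import dataclass, field

NULL0 = "Null0"


@dataclass
class Packet:
    src: str
    dst: str


@dataclass
class EdgeRouter:
    fib: dict = field(default_factory=dict)        # prefix -> next hop or NULL0
    urpf_loose: bool = False                       # loose-mode uRPF, the S/RTBH hook
    acl_deny_src: set = field(default_factory=set) # ingress source ACL, prefixes

    def _lookup(self, addr):
        """Longest-prefix match in the FIB; None means no route at all."""
        ip = ipaddress.ip_address(addr)
        best = None
        for prefix, nh in self.fib.items():
            net = ipaddress.ip_network(prefix)
            if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, nh)
        return best[1] if best else None

    def forward(self, pkt):
        """Return the fate of one packet: 'drop:<reason>' or 'forward:<next hop>'."""
        src = ipaddress.ip_address(pkt.src)
        # 1. Ingress ACL on the source address (what a customer without BGP asks for).
        if any(src in ipaddress.ip_network(p) for p in self.acl_deny_src):
            return "drop:acl"
        # 2. Loose uRPF: drop when the *source* has no route or its route is Null0.
        #    Installing a Null0 route for the attacker's source is S/RTBH.
        if self.urpf_loose:
            nh = self._lookup(pkt.src)
            if nh is None or nh == NULL0:
                return "drop:urpf"
        # 3. Destination lookup: destination-based RTBH is a Null0 route for the victim.
        nh = self._lookup(pkt.dst)
        if nh is None:
            return "drop:noroute"
        if nh == NULL0:
            return "drop:null0"
        return f"forward:{nh}"


# Constructed documentation-range addresses (assumptions, not from the thread).
ATTACKER = "198.51.100.7"
VICTIM = "203.0.113.10"
OTHER = "203.0.113.20"
CLIENT = "192.0.2.5"

# Same three packets in every scenario: attack, legitimate client, attacker to a neighbour.
TRAFFIC = [Packet(ATTACKER, VICTIM), Packet(CLIENT, VICTIM), Packet(ATTACKER, OTHER)]


def base_router():
    r = EdgeRouter()
    r.fib["203.0.113.0/24"] = "customer"   # the downstream network under attack
    r.fib["192.0.2.0/24"] = "upstream"     # where legitimate clients come from
    r.fib["198.51.100.0/24"] = "upstream"  # where the attacker's address lives
    return r


def run(router):
    return [router.forward(p) for p in TRAFFIC]


def destination_rtbh():
    """Null0 route for the victim: attack stops, but so does everything else to it."""
    r = base_router()
    r.fib[VICTIM + "/32"] = NULL0
    return run(r)


def source_rtbh():
    """Null0 route for the attacker's source plus loose uRPF: victim stays reachable."""
    r = base_router()
    r.urpf_loose = True
    r.fib[ATTACKER + "/32"] = NULL0
    return run(r)


def source_acl():
    """Explicit ingress deny on the attacker's source: same effect as S/RTBH here."""
    r = base_router()
    r.acl_deny_src.add(ATTACKER + "/32")
    return run(r)


if __name__ == "__main__":
    for name, fn in [("dest RTBH", destination_rtbh), ("S/RTBH", source_rtbh), ("ACL", source_acl)]:
        print(f"{name:10s}", fn())
```

Run as a script, the three result lists show the trade-off the thread argues over: the destination Null0 route drops the legitimate client's packet to the victim along with the attack (the "target address(es) are made unreachable" clause of RFC 5635 section 3.1), while both S/RTBH and the source ACL drop only the attacker's packets, to the victim and to the neighbouring host alike. In this model S/RTBH and the ACL produce identical results; the operational difference is how the rule is installed (a BGP-advertised route versus a per-router configuration change), not what the forwarding plane does with the packet.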

Re: GoDaddy : DoS :: Contact

2015-08-02 Thread Mel Beckman
Blackholing isn't what you want. That will still permit his source IP into your network, and only blackhole replies from your network, so the attack will still consume bandwidth. What you should request is a source IP ACL blocking that address at your upstream's border. BGP is no help in these

Re: GoDaddy : DoS :: Contact

2015-08-02 Thread Jason LeBlanc
Thanks Mel. You are not being difficult, I meant DoS. The network I inherited doesn't have BGP yet, so I have asked our upstream to blackhole it and I emailed abuse; neither has happened yet. I do block it, but that's after it hits our side. //Jason From: Mel Beckman