mailing list archives
RE: Are we really this helpless? (Re: isprime DOS in progress)
From: "Frank Bulk" <frnkblk () iname com>
Date: Fri, 23 Jan 2009 21:58:56 -0600
What's interesting in all of this is that ISPrime has been experiencing this for most of this week, yet not them or any
of us has shared a network that is sourcing this traffic.
I know I haven't bothered asking my upstream provider which backbone provider is sending them the "ISPrime" traffic, so
I'm just as guilty as anyone.
From: Seth Mattinen [mailto:sethm () rollernet us]
Sent: Friday, January 23, 2009 8:06 PM
To: nanog () nanog org
Subject: Are we really this helpless? (Re: isprime DOS in progress)
Noel Butler wrote:
On Sat, 2009-01-24 at 07:21, Chris McDonald wrote:
We [AS3491] null0'd the IP earlier. Rest-of-world encouraged to do the same :/
Wrong approach, they are *innocent* in this as are the new targets.
insert into your favourite acl:
deny udp host 220.127.116.11 neq 53 any eq 53
deny udp host 18.104.22.168 neq 53 any eq 53
But it's much less work to add a filter on the name server as others
Having the world trying to keep up with ACL entries seems futile. Is
there really nothing to be done about this? (Yes, I know, BCP38, but
obviously the accomplice providers don't care.)