Side note: I asked Mikrotik and they accepted the feature request of changing their uRPF setting from being universal on the machine to being per-interface (as the kernel supports). That would make it easier for Mikrotik end-user-facing routers to block crap right at the edge, allowing for strict facing customer and loose elsewhere. They haven't implemented it yet, but they accepted the request. ----- Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest-IX http://www.midwest-ix.com ----- Original Message ----- From: "Alexander Lyamin" <la@qrator.net> To: "Ronald F. Guilmette" <rfg@tristatelogic.com> Cc: "NANOG list" <nanog@nanog.org> Sent: Tuesday, October 25, 2016 3:29:56 AM Subject: Re: Dyn DDoS this AM? Yeah, it sucked to be a Dyn customer that day. However, if you had a backup dns provider, it wasnt that bad. You do realize that collateral effect scale is a property of a target and not attack? My point was that implementing MANRS, while isn't covering all of the spectrum of the attacks that made news this autumn will make at least some of them if not impossible, but harder to execute. And as I said - its work in progress. P.S. Jared Mauch notes regarding uRPF underperformance are correct, but it only shows how rarely its actually used in a real life. uRPF is more then feasible in terms of algorithmical complexity, and this means that bugs can be dealed with. On Tue, Oct 25, 2016 at 7:30 AM, Ronald F. Guilmette <rfg@tristatelogic.com> wrote:
In message <CALoKGd15haJXthiT31Y_wk=-5UGLSRbusHv4b8btQ5nXv5Dmuw@mail. gmail.com>, Alexander Lyamin <la@qrator.net> wrote:
Its not a first time we have and large scale DDoS incident. Its not a first time we have (a kind of) knee-jerk reaction.
I could be wrong, but I think its the first time I've turned on CNN and seen a "heat map" of the incident showing the entire NorthEast / New England area, all the way down to Washington, and parts of California all blanketed in red.
So that part, at least, was, ya know, novel.
Regards, rfg
-- Alexander Lyamin CEO | Qrator <http://qrator.net/>* Labs* office: 8-800-3333-LAB (522) mob: +7-916-9086122 skype: melanor9 mailto: la@qrator.net