Patrick, We are client of 3 tier1. On our netflow collector, we can observe that RFC1918 sources ip traffic is entering our AS via 2 of those tier-1. Yes, 2 bigs tier-1 allow private ip traffic coming from their networks, clients, peerings to reach others customers, via Internet link, on public ip.....Of course this traffic is dropped on our BGP borders as we are filtering. But it's still filling the pipe, and this is still INVALID/UNNAUTHORIZED traffic. We wrote to them to verify if customers are technically allowed to send RFC1918 traffic over their backbone, and if we are also allowed to do so. And the answer was really evasive like :"contractually you're are not allowed". So now tell me WTF BCP38 will provide you when tier1 does not care at all and does not maintain basic filtering to/from their customers. And then they try to sell you their anti ddos services, because you know DDOS it sucks. Big joke. What about BCP38+84 on 30 tier-1 instead of asking/hoping 55k others autonomous-system having good filters in place ? -- Marcel On 21.10.2016 17:48, Patrick W. Gilmore wrote:
To the rest of the community: If you can help, please do. I know a lot of you are thinking “what can I do?" There is a lot you can do. BCP38 & BCP84 instantly come to mind. Sure, that doesn’t help Mirai, but it still helps. There are many other things you can do as well.