We have had a DOS attack for over 12 hours. I simply want them to null route or black hole an address. The traffic is filling one of our circus with them. The farthest I got was them telling me they can't do route changes because we're not public safety. Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373
If you BGP neighbor with them you can send-community /32 advertisement to them, and the will remotely black hole it Aaron
On Dec 21, 2018, at 3:51 PM, Josh Luthman <josh@imaginenetworksllc.com> wrote:
We have had a DOS attack for over 12 hours. I simply want them to null route or black hole an address. The traffic is filling one of our circus with them.
The farthest I got was them telling me they can't do route changes because we're not public safety.
Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373
http://as11404.net/communities.html 11404:666 is probably what you want. On 12/21/18 3:55 PM, Aaron1 wrote:
If you BGP neighbor with them you can send-community /32 advertisement to them, and the will remotely black hole it
Aaron
On Dec 21, 2018, at 3:51 PM, Josh Luthman <josh@imaginenetworksllc.com> wrote:
We have had a DOS attack for over 12 hours. I simply want them to null route or black hole an address. The traffic is filling one of our circus with them.
The farthest I got was them telling me they can't do route changes because we're not public safety.
Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373
Is this the right Spectrum? There's one that's aka Wave and are pretty good and incredibly responsive to abuse reports, and then there's Spectrum Cable/Charter, which is on par with residential Comcast service. On Fri, Dec 21, 2018, at 2:01 PM, Bryan Holloway wrote:
http://as11404.net/communities.html
11404:666 is probably what you want.
well, my comment about ddos rtbh using /32 BGP community is with regard to my provider spectrum which was previously time warner cable/charter AS 11427 is who I peer with Aaron
On Dec 21, 2018, at 5:40 PM, nop@imap.cc wrote:
Is this the right Spectrum? There's one that's aka Wave and are pretty good and incredibly responsive to abuse reports, and then there's Spectrum Cable/Charter, which is on par with residential Comcast service.
On Fri, Dec 21, 2018, at 2:01 PM, Bryan Holloway wrote: http://as11404.net/communities.html
11404:666 is probably what you want.
I do BGP with them, but of course the issue is an IP that they route to me. My issue is with ASN 10796 Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Fri, Dec 21, 2018 at 4:55 PM Aaron1 <aaron1@gvtc.com> wrote:
If you BGP neighbor with them you can send-community /32 advertisement to them, and the will remotely black hole it
Aaron
On Dec 21, 2018, at 3:51 PM, Josh Luthman <josh@imaginenetworksllc.com> wrote:
We have had a DOS attack for over 12 hours. I simply want them to null route or black hole an address. The traffic is filling one of our circus with them.
The farthest I got was them telling me they can't do route changes because we're not public safety.
Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373
The /32 should override any static route they are sending you with a larger prefix. Jason Canady Unlimited Net, LLC Responsive, Reliable, Secure On 12/22/18 11:30 AM, Josh Luthman wrote:
I do BGP with them, but of course the issue is an IP that they route to me.
My issue is with ASN 10796
Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373
On Fri, Dec 21, 2018 at 4:55 PM Aaron1 <aaron1@gvtc.com <mailto:aaron1@gvtc.com>> wrote:
If you BGP neighbor with them you can send-community /32 advertisement to them, and the will remotely black hole it
Aaron
> On Dec 21, 2018, at 3:51 PM, Josh Luthman <josh@imaginenetworksllc.com <mailto:josh@imaginenetworksllc.com>> wrote: > > We have had a DOS attack for over 12 hours. I simply want them to null route or black hole an address. The traffic is filling one of our circus with them. > > The farthest I got was them telling me they can't do route changes because we're not public safety. > > Josh Luthman > Office: 937-552-2340 > Direct: 937-552-2343 > 1100 Wayne St > Suite 1337 > Troy, OH 45373
But if they route it to me and I null it, the traffic is already fillimg my pipe (which is my issue). Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Sat, Dec 22, 2018, 11:32 AM Jason Canady <jason@unlimitednet.us wrote:
The /32 should override any static route they are sending you with a larger prefix.
Jason Canady Unlimited Net, LLC Responsive, Reliable, Secure
On 12/22/18 11:30 AM, Josh Luthman wrote:
I do BGP with them, but of course the issue is an IP that they route to me.
My issue is with ASN 10796
Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373
On Fri, Dec 21, 2018 at 4:55 PM Aaron1 <aaron1@gvtc.com> wrote:
If you BGP neighbor with them you can send-community /32 advertisement to them, and the will remotely black hole it
Aaron
On Dec 21, 2018, at 3:51 PM, Josh Luthman <josh@imaginenetworksllc.com> wrote:
We have had a DOS attack for over 12 hours. I simply want them to null route or black hole an address. The traffic is filling one of our circus with them.
The farthest I got was them telling me they can't do route changes because we're not public safety.
Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373
Your upstream provider is null routing it when you send them the command via BGP, no longer filling your pipe.
On Dec 22, 2018, at 19:24, Josh Luthman <josh@imaginenetworksllc.com> wrote:
But if they route it to me and I null it, the traffic is already fillimg my pipe (which is my issue).
Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373
On Sat, Dec 22, 2018, 11:32 AM Jason Canady <jason@unlimitednet.us wrote: The /32 should override any static route they are sending you with a larger prefix. Jason Canady Unlimited Net, LLC Responsive, Reliable, Secure
On 12/22/18 11:30 AM, Josh Luthman wrote: I do BGP with them, but of course the issue is an IP that they route to me.
My issue is with ASN 10796
Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373
On Fri, Dec 21, 2018 at 4:55 PM Aaron1 <aaron1@gvtc.com> wrote: If you BGP neighbor with them you can send-community /32 advertisement to them, and the will remotely black hole it
Aaron
On Dec 21, 2018, at 3:51 PM, Josh Luthman <josh@imaginenetworksllc.com> wrote:
We have had a DOS attack for over 12 hours. I simply want them to null route or black hole an address. The traffic is filling one of our circus with them.
The farthest I got was them telling me they can't do route changes because we're not public safety.
Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373
The IP is their routing to me. It's not BGP. Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Sat, Dec 22, 2018, 7:51 PM Jason Canady <jason@unlimitednet.us wrote:
Your upstream provider is null routing it when you send them the command via BGP, no longer filling your pipe.
On Dec 22, 2018, at 19:24, Josh Luthman <josh@imaginenetworksllc.com> wrote:
But if they route it to me and I null it, the traffic is already fillimg my pipe (which is my issue).
Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373
On Sat, Dec 22, 2018, 11:32 AM Jason Canady <jason@unlimitednet.us wrote:
The /32 should override any static route they are sending you with a larger prefix.
Jason Canady Unlimited Net, LLC Responsive, Reliable, Secure
On 12/22/18 11:30 AM, Josh Luthman wrote:
I do BGP with them, but of course the issue is an IP that they route to me.
My issue is with ASN 10796
Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373
On Fri, Dec 21, 2018 at 4:55 PM Aaron1 <aaron1@gvtc.com> wrote:
If you BGP neighbor with them you can send-community /32 advertisement to them, and the will remotely black hole it
Aaron
On Dec 21, 2018, at 3:51 PM, Josh Luthman <josh@imaginenetworksllc.com> wrote:
We have had a DOS attack for over 12 hours. I simply want them to null route or black hole an address. The traffic is filling one of our circus with them.
The farthest I got was them telling me they can't do route changes because we're not public safety.
Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373
That’s where you confuse me Josh, if you do BGP with them wouldn’t it be your advertisement to them that’s causing them to route to you. In other words, aren’t they only routing packets to you for prefixes that you advertise via BGP to them? Aaron
On Dec 22, 2018, at 7:51 PM, Josh Luthman <josh@imaginenetworksllc.com> wrote:
The IP is their routing to me. It's not BGP.
Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373
On Sat, Dec 22, 2018, 7:51 PM Jason Canady <jason@unlimitednet.us wrote: Your upstream provider is null routing it when you send them the command via BGP, no longer filling your pipe.
On Dec 22, 2018, at 19:24, Josh Luthman <josh@imaginenetworksllc.com> wrote:
But if they route it to me and I null it, the traffic is already fillimg my pipe (which is my issue).
Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373
On Sat, Dec 22, 2018, 11:32 AM Jason Canady <jason@unlimitednet.us wrote: The /32 should override any static route they are sending you with a larger prefix.
Jason Canady Unlimited Net, LLC Responsive, Reliable, Secure
On 12/22/18 11:30 AM, Josh Luthman wrote: I do BGP with them, but of course the issue is an IP that they route to me.
My issue is with ASN 10796
Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373
On Fri, Dec 21, 2018 at 4:55 PM Aaron1 <aaron1@gvtc.com> wrote: If you BGP neighbor with them you can send-community /32 advertisement to them, and the will remotely black hole it
Aaron
> On Dec 21, 2018, at 3:51 PM, Josh Luthman <josh@imaginenetworksllc.com> wrote: > > We have had a DOS attack for over 12 hours. I simply want them to null route or black hole an address. The traffic is filling one of our circus with them. > > The farthest I got was them telling me they can't do route changes because we're not public safety. > > Josh Luthman > Office: 937-552-2340 > Direct: 937-552-2343 > 1100 Wayne St > Suite 1337 > Troy, OH 45373
That’s where you confuse me Josh, if you do BGP with them wouldn’t it be your advertisement to them that’s causing them to route to you. In other words, aren’t they only routing packets to you for prefixes that you advertise via BGP to them?
Unless of course the point-to-point between spectrum and Josh is under attack...?
Attack is back on. If there's anyone out there that works at Spectrum and can do a route change and hopefully share some info on BGP communities I would greatly appreciate hearing from you. Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Sun, Dec 23, 2018, 12:12 AM Tim Warnock <timoid@timoid.org wrote:
That’s where you confuse me Josh, if you do BGP with them wouldn’t it be your advertisement to them that’s causing them to route to you. In other words, aren’t they only routing packets to you for prefixes that you advertise via BGP to them?
Unless of course the point-to-point between spectrum and Josh is under attack...?
Got a hold of someone, finally! All you have to do, if it's done through BGP, is set a community to 10796:666 This was setup as Time Warner Cable but is Spectrum today. The people I spoke with had been with Time Warner Cable for years before the acquisition/name change. Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Sun, Dec 23, 2018 at 12:53 AM Josh Luthman <josh@imaginenetworksllc.com> wrote:
Attack is back on. If there's anyone out there that works at Spectrum and can do a route change and hopefully share some info on BGP communities I would greatly appreciate hearing from you.
Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373
On Sun, Dec 23, 2018, 12:12 AM Tim Warnock <timoid@timoid.org wrote:
That’s where you confuse me Josh, if you do BGP with them wouldn’t it be your advertisement to them that’s causing them to route to you. In other words, aren’t they only routing packets to you for prefixes that you advertise via BGP to them?
Unless of course the point-to-point between spectrum and Josh is under attack...?
On 12/22/18 11:28 PM, Josh Luthman wrote:
Got a hold of someone, finally! All you have to do, if it's done through BGP, is set a community to 10796:666
This was setup as Time Warner Cable but is Spectrum today. The people I spoke with had been with Time Warner Cable for years before the acquisition/name change.
Yeah but you can't just call it "spectrum" because there's at least 3 totally different AS numbers that could be called that. Call them TWC or by their AS number for faster results.
I’m glad you got it figured out with the right people at spectrum. When I was sitting up ddos rtbh with my 3 isp’s , I remember spectrum (fka twc/charter) was difficult to get the right person on the phone to help me understand what I needed to do. I had to go through layers of phone attendants and groups to get to someone who knew about ddos rtbh. Btw, I’ve wondered about using sp-neutral(agnostic) forms of ddos rtbh... maybe cymru utrs combined with fastnetmon for immediate mitigation without human intervention. I’d really like to get there. Aaron
On Dec 23, 2018, at 1:28 AM, Josh Luthman <josh@imaginenetworksllc.com> wrote:
Got a hold of someone, finally! All you have to do, if it's done through BGP, is set a community to 10796:666
This was setup as Time Warner Cable but is Spectrum today. The people I spoke with had been with Time Warner Cable for years before the acquisition/name change.
Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373
On Sun, Dec 23, 2018 at 12:53 AM Josh Luthman <josh@imaginenetworksllc.com> wrote: Attack is back on. If there's anyone out there that works at Spectrum and can do a route change and hopefully share some info on BGP communities I would greatly appreciate hearing from you.
Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373
On Sun, Dec 23, 2018, 12:12 AM Tim Warnock <timoid@timoid.org wrote:
That’s where you confuse me Josh, if you do BGP with them wouldn’t it be your advertisement to them that’s causing them to route to you. In other words, aren’t they only routing packets to you for prefixes that you advertise via BGP to them?
Unless of course the point-to-point between spectrum and Josh is under attack...?
Just saw this (dealing with a different issue) and thought I would keep all the information in one conversation. I now have to use the community: 7843:666 to black hole. I peer with 10796. I don't know where the line is, but since there are multiple ASNs with "Spectrum" or whatever company you want to call it. My billing and administration is all Charter, circuit id is TWCC. Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Sun, Dec 23, 2018 at 12:13 PM Aaron1 <aaron1@gvtc.com> wrote:
I’m glad you got it figured out with the right people at spectrum. When I was sitting up ddos rtbh with my 3 isp’s , I remember spectrum (fka twc/charter) was difficult to get the right person on the phone to help me understand what I needed to do. I had to go through layers of phone attendants and groups to get to someone who knew about ddos rtbh.
Btw, I’ve wondered about using sp-neutral(agnostic) forms of ddos rtbh... maybe cymru utrs combined with fastnetmon for immediate mitigation without human intervention. I’d really like to get there.
Aaron
On Dec 23, 2018, at 1:28 AM, Josh Luthman <josh@imaginenetworksllc.com> wrote:
Got a hold of someone, finally! All you have to do, if it's done through BGP, is set a community to 10796:666
This was setup as Time Warner Cable but is Spectrum today. The people I spoke with had been with Time Warner Cable for years before the acquisition/name change.
Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373
On Sun, Dec 23, 2018 at 12:53 AM Josh Luthman <josh@imaginenetworksllc.com> wrote:
Attack is back on. If there's anyone out there that works at Spectrum and can do a route change and hopefully share some info on BGP communities I would greatly appreciate hearing from you.
Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373
On Sun, Dec 23, 2018, 12:12 AM Tim Warnock <timoid@timoid.org wrote:
That’s where you confuse me Josh, if you do BGP with them wouldn’t it be your advertisement to them that’s causing them to route to you. In other words, aren’t they only routing packets to you for prefixes that you advertise via BGP to them?
Unless of course the point-to-point between spectrum and Josh is under attack...?
Your upstream should have provided you with BGP backhole community where you tag your /32 and they propagate the BGP BH to all their upstream providers. On Sun, Dec 23, 2018 at 11:27 AM Josh Luthman <josh@imaginenetworksllc.com> wrote:
But if they route it to me and I null it, the traffic is already fillimg my pipe (which is my issue).
Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373
On Sat, Dec 22, 2018, 11:32 AM Jason Canady <jason@unlimitednet.us wrote:
The /32 should override any static route they are sending you with a larger prefix.
Jason Canady Unlimited Net, LLC Responsive, Reliable, Secure
On 12/22/18 11:30 AM, Josh Luthman wrote:
I do BGP with them, but of course the issue is an IP that they route to me.
My issue is with ASN 10796
Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373
On Fri, Dec 21, 2018 at 4:55 PM Aaron1 <aaron1@gvtc.com> wrote:
If you BGP neighbor with them you can send-community /32 advertisement to them, and the will remotely black hole it
Aaron
On Dec 21, 2018, at 3:51 PM, Josh Luthman <josh@imaginenetworksllc.com> wrote:
We have had a DOS attack for over 12 hours. I simply want them to null route or black hole an address. The traffic is filling one of our circus with them.
The farthest I got was them telling me they can't do route changes because we're not public safety.
Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373
They don't do communities to my knowledge. At this point they won't do anything unless I'm public safety. Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Sat, Dec 22, 2018, 7:56 PM Ahad Aboss <ahad@swiftelnetworks.com wrote:
Your upstream should have provided you with BGP backhole community where you tag your /32 and they propagate the BGP BH to all their upstream providers.
On Sun, Dec 23, 2018 at 11:27 AM Josh Luthman <josh@imaginenetworksllc.com> wrote:
But if they route it to me and I null it, the traffic is already fillimg my pipe (which is my issue).
Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373
On Sat, Dec 22, 2018, 11:32 AM Jason Canady <jason@unlimitednet.us wrote:
The /32 should override any static route they are sending you with a larger prefix.
Jason Canady Unlimited Net, LLC Responsive, Reliable, Secure
On 12/22/18 11:30 AM, Josh Luthman wrote:
I do BGP with them, but of course the issue is an IP that they route to me.
My issue is with ASN 10796
Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373
On Fri, Dec 21, 2018 at 4:55 PM Aaron1 <aaron1@gvtc.com> wrote:
If you BGP neighbor with them you can send-community /32 advertisement to them, and the will remotely black hole it
Aaron
On Dec 21, 2018, at 3:51 PM, Josh Luthman < josh@imaginenetworksllc.com> wrote:
We have had a DOS attack for over 12 hours. I simply want them to null route or black hole an address. The traffic is filling one of our circus with them.
The farthest I got was them telling me they can't do route changes because we're not public safety.
Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373
Did you try their NOC on their PeeringDB page? https://www.peeringdb.com/net/2144 ----- Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP ----- Original Message ----- From: "Josh Luthman" <josh@imaginenetworksllc.com> To: "NANOG list" <nanog@nanog.org> Sent: Friday, December 21, 2018 3:51:10 PM Subject: Spectrum technical contact We have had a DOS attack for over 12 hours. I simply want them to null route or black hole an address. The traffic is filling one of our circus with them. The farthest I got was them telling me they can't do route changes because we're not public safety. Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373
participants (9)
-
Aaron1
-
Ahad Aboss
-
Bryan Holloway
-
Jason Canady
-
Josh Luthman
-
Mike Hammett
-
nop@imap.cc
-
Seth Mattinen
-
Tim Warnock