Re: [SECURITY] Application layer attacks/DDoS attacks
Yes Harlan, you are absolutely right, even if this won't stop the botnet-based DDoS attacks, but at least will significantly decrease the volume/frequency of the volume based attacks. On the other side, the DDoS protection now become a business where all-tiers ISPs make money of, and those ISPs is the exact place where the implementation of anti-spoofing make the best sense, conflict of interests now... However, the trusted network initiative might be a good approach to start influencing operators to apply anti-spoofing mechanisms. Salam, Ramy On 23 May 2015 10:48 pm, "Harlan Stenn" <stenn@ntp.org> wrote: Just to ask, what is the expected effect on DDoS attacks if folks implemented BCP38? How does the cost of implementing BCP38 compare to the cost of other solution attempts? H
While I don't think any ISP "wants DDoS" to make $$, I do based on experience believe that business cases have to be made for everything. With the prices pay for BW in most of the world now, ( or the last number of years) its going to be VERY hard to get anyone to allocated time/$$ or energy to do anything they don't need to, to get the bit to you. -jim On Sat, May 23, 2015 at 6:33 PM, Ramy Hashish <ramy.ihashish@gmail.com> wrote:
Yes Harlan, you are absolutely right, even if this won't stop the botnet-based DDoS attacks, but at least will significantly decrease the volume/frequency of the volume based attacks.
On the other side, the DDoS protection now become a business where all-tiers ISPs make money of, and those ISPs is the exact place where the implementation of anti-spoofing make the best sense, conflict of interests now...
However, the trusted network initiative might be a good approach to start influencing operators to apply anti-spoofing mechanisms.
Salam,
Ramy On 23 May 2015 10:48 pm, "Harlan Stenn" <stenn@ntp.org> wrote:
Just to ask, what is the expected effect on DDoS attacks if folks implemented BCP38?
How does the cost of implementing BCP38 compare to the cost of other solution attempts?
H
On Sat, May 23, 2015 at 9:12 PM, jim deleskie <deleskie@gmail.com> wrote:
However, the trusted network initiative might be a good approach to start influencing operators to apply anti-spoofing mechanisms.
explain how you think the 'trusted network initiative' matters in the slightest? -chris
The idea of restricting access to a certain content during an attack on the "trusted networks" only will make all interested ISPs be more "trusted" Ramy On Mon, May 25, 2015 at 5:01 AM, Christopher Morrow <morrowc.lists@gmail.com
wrote:
On Sat, May 23, 2015 at 9:12 PM, jim deleskie <deleskie@gmail.com> wrote:
However, the trusted network initiative might be a good approach to start influencing operators to apply anti-spoofing mechanisms.
explain how you think the 'trusted network initiative' matters in the slightest?
-chris
Without a concomitant increase in "trustworthy", assigning greater levels of trust is fools endeavour. Whatever this trusted network initiative is, I take that it was designed by fools or government (the two are usually indistinguishable) for the purpose of creating utterly untrustworthy networks.
-----Original Message----- From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of Ramy Hashish Sent: Sunday, 24 May, 2015 22:49 To: morrowc.lists@gmail.com; nanog@nanog.org Subject: Re: [SECURITY] Application layer attacks/DDoS attacks
The idea of restricting access to a certain content during an attack on the "trusted networks" only will make all interested ISPs be more "trusted"
Ramy
On Mon, May 25, 2015 at 5:01 AM, Christopher Morrow <morrowc.lists@gmail.com
wrote:
On Sat, May 23, 2015 at 9:12 PM, jim deleskie <deleskie@gmail.com> wrote:
However, the trusted network initiative might be a good approach to start influencing operators to apply anti-spoofing mechanisms.
explain how you think the 'trusted network initiative' matters in the slightest?
-chris
Keith, I agree, we can't even get everyone including some LARGE ( I'll avoid Tier's because people get stupid around that too) networks to filter customers based on assigned netblocks. -jim On Mon, May 25, 2015 at 9:44 AM, Keith Medcalf <kmedcalf@dessus.com> wrote:
Without a concomitant increase in "trustworthy", assigning greater levels of trust is fools endeavour. Whatever this trusted network initiative is, I take that it was designed by fools or government (the two are usually indistinguishable) for the purpose of creating utterly untrustworthy networks.
-----Original Message----- From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of Ramy Hashish Sent: Sunday, 24 May, 2015 22:49 To: morrowc.lists@gmail.com; nanog@nanog.org Subject: Re: [SECURITY] Application layer attacks/DDoS attacks
The idea of restricting access to a certain content during an attack on the "trusted networks" only will make all interested ISPs be more "trusted"
Ramy
On Mon, May 25, 2015 at 5:01 AM, Christopher Morrow <morrowc.lists@gmail.com
wrote:
On Sat, May 23, 2015 at 9:12 PM, jim deleskie <deleskie@gmail.com> wrote:
However, the trusted network initiative might be a good approach to start influencing operators to apply anti-spoofing mechanisms.
explain how you think the 'trusted network initiative' matters in the slightest?
-chris
On 25 May 2015, at 19:49, jim deleskie wrote:
I agree, we can't even get everyone including some LARGE ( I'll avoid Tier's because people get stupid around that too) networks to filter customers based on assigned netblocks.
Customer of my customer [of my customer, of my customer . . . ]. It's customers all the way down. <http://en.wikipedia.org/wiki/Turtles_all_the_way_down#History> ;> ----------------------------------- Roland Dobbins <rdobbins@arbor.net>
On 25 May 2015, at 19:44, Keith Medcalf wrote:
Whatever this trusted network initiative is, I take that it was designed by fools or government (the two are usually indistinguishable) for the purpose of creating utterly untrustworthy networks.
AFAICT, the 'Trusted Network Initiative' largely consists of 'all the cool kids should do multilateral peering at AMS-IX and NL-ix across vl112': <https://www.thehaguesecuritydelta.com/projects/project/cyber-security/60-trusted-networks-initiative> <https://www.thehaguesecuritydelta.com/images/TNI_Info_Sheet_01-04-2015.pdf> ----------------------------------- Roland Dobbins <rdobbins@arbor.net>
participants (6)
-
Christopher Morrow -
jim deleskie -
Keith Medcalf -
Ramy Hashish -
Randy Bush -
Roland Dobbins