<div dir="ltr">Unfortunately The Internet has seen a jump in DDoS capability in the past year or so that hasn't been meted, generally, by an increase in mitigation. IE DDoS is winning, at the moment :(<div><br></div><div>
The specificity of the current attacks ought to be able to be addressed by the tier1s/major players, however doesn't seem to be!</div><div><br></div><div>Might be a different topic for this, or if people can PM information they have on this (not having found much on nanog etc), I'd be interested!</div>
<div><div><br></div><div><br></div></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Sat, Aug 2, 2014 at 9:00 PM, James Braunegg <span dir="ltr"><<a href="mailto:james.braunegg@micron21.com" target="_blank">james.braunegg@micron21.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div lang="EN-US" link="blue" vlink="purple"><div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black">Dear Andrew<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black">This week has been “crazy” for DDoS attacks with SSDP amplification attacks being the flavor of the week internationally, so I can understand your “pain”<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black">A key part of isolating yourself from “back ground noise” is the ability separate Domestic Transit and Peering from International transit and if you can International peering using BGP communities. <u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black">Both Vocus and Pipe support BGP communities, however in both cases I highly recommend contacting the NOC for up to date communities as upstream providers change all the time and the NOC of each provider can provide great assistance in “tuning” your service.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black">That being said <u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black">Examples of Vocus (AS4826) communities can be found here (not all communities listed ) <a href="http://tools.vocus.com.au/additionals/communities2.2.html" target="_blank">http://tools.vocus.com.au/additionals/communities2.2.html</a> <u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black">Examples of Pipe (AS 24130) communities can be found here (not all communities listed) <a href="https://lg.pipenetworks.com/PIPE%20Networks%20AS24130%20BGP%20Routing%20Policy.pdf" target="_blank">https://lg.pipenetworks.com/PIPE%20Networks%20AS24130%20BGP%20Routing%20Policy.pdf</a> <u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black">With reference to influencing outbound traffic I highly recommend creating route maps or using software such as <a href="http://www.noction.com/" target="_blank">http://www.noction.com/</a><u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black">Depending how far you want to engineer your network you can also get very “funky” with your own international upstream providers and say establish GRE tunnels back to Australia and if you can justify it your own capacity across cable systems which can be used independently from your current two upstream providers. <u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black">Alternately this is also a perfect example of how useful having a backup on demand IP transit provider on a service such as Megaport which allows you to turn on / off a service on demand within minutes if required, use a bit of SDN and you could automate the entire process upon detecting issues!<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black">Hope that helps, happy to provide more information if you require it.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black">Kindest Regards<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black"><u></u> <u></u></span></p><p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:black">James Braunegg<br>
</span></b><b><span style="font-size:8.0pt;font-family:"Verdana","sans-serif";color:black">P:</span></b><span style="font-size:8.0pt;font-family:"Verdana","sans-serif";color:black"> 1300 769 972 | <b>M:</b> 0488 997 207 | <b>D:</b> (03) 9751 7616</span><span style="font-size:8.0pt;font-family:"Verdana","sans-serif";color:black"><u></u><u></u></span></p>
<p class="MsoNormal"><b><span style="font-size:8.0pt;font-family:"Verdana","sans-serif";color:black">E:</span></b><span style="font-size:8.0pt;font-family:"Verdana","sans-serif";color:black"> </span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black"><a href="mailto:james.braunegg@micron21.com" target="_blank"><span style="font-size:8.0pt;font-family:"Verdana","sans-serif";color:black">james.braunegg@micron21.com</span></a></span><span style="font-size:8.0pt;font-family:"Verdana","sans-serif";color:black"> | <b>ABN:</b> <a href="tel:12%20109%20977%20666" value="+12109977666" target="_blank">12 109 977 666</a> <br>
<b>W:</b> <a href="http://www.micron21.com/ddos-protection" target="_blank"><span style="color:black">www.micron21.com/ddos-protection</span></a> <b>T:</b> @micron21<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Verdana","sans-serif";color:black"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Verdana","sans-serif";color:black"><br><img border="0" width="250" height="39" src="cid:image001.jpg@01CFAE92.3275E880" alt="Description: Description: Description: Description: M21.jpg"><br>
</span><span lang="EN-AU" style="font-size:8.0pt;font-family:"Verdana","sans-serif";color:black">This message is intended for the addressee named above. It may contain privileged or confidential information. If you are not the intended recipient of this message you must not use, copy, distribute or disclose it to anyone other than the addressee. If you have received this message in error please return the message to the sender by replying to it and then delete the message from your computer.</span><span style="font-size:8.0pt;font-family:"Verdana","sans-serif";color:black"><u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black"><u></u> <u></u></span></p><p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> AusNOG [mailto:<a href="mailto:ausnog-bounces@lists.ausnog.net" target="_blank">ausnog-bounces@lists.ausnog.net</a>] <b>On Behalf Of </b>Andrew Yager<br>
<b>Sent:</b> Saturday, August 02, 2014 7:23 PM<br><b>To:</b> <a href="mailto:ausnog@lists.ausnog.net" target="_blank">ausnog@lists.ausnog.net</a><br><b>Subject:</b> [AusNOG] Dealing with global route views<u></u><u></u></span></p>
<div><div class="h5"><p class="MsoNormal"><u></u> <u></u></p><div><p class="MsoNormal">Hi All,<u></u><u></u></p><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal">Coming to the end of a couple of long weeks, and brain is a bit fried.<u></u><u></u></p>
</div><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal">For the last few days we've had issues where one or other of our two primary internal upstreams has had DOS attacks affecting their connectivity on foreign soil (i.e. connectivity via Level 3 is borked, or connectivity via <a href="http://he.net" target="_blank">he.net</a> is borked), which has adversely affected our ability to reach certain parts of the world, and conversely their ability to reach us.<u></u><u></u></p>
</div><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal">In both cases we don't really want to drop either transit provider completely as the domestic performance we get from them both is good.<u></u><u></u></p>
</div><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal">On another day my brain might see this really clearly, but just can't get my head into it for now.<u></u><u></u></p></div><div><div><p class="MsoNormal">
<u></u> <u></u></p></div><div><p class="MsoNormal">Can we:<u></u><u></u></p></div><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal">a) adjust our internal preferences accurately enough to influence our outbound traffic to prefer one or the other in particular, operator driven scenarios<u></u><u></u></p>
</div><div><p class="MsoNormal">b) influence our rest of the world traffic to avoid <a href="http://he.net" target="_blank">he.net</a> or level 3<u></u><u></u></p></div><div><p class="MsoNormal"><u></u> <u></u></p></div><div>
<p class="MsoNormal">… and how?<u></u><u></u></p></div><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal">I believe one of our upstreams (Vocus) will honour some "do not advertise here" communities (but I don't know where the list is), but I suspect the other (PIPE) will not?<u></u><u></u></p>
</div><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal">Thanks,<u></u><u></u></p></div><div><p class="MsoNormal">Andrew<u></u><u></u></p></div><div><p class="MsoNormal"><u></u> <u></u></p></div>
<p class="MsoNormal">-- <br><b>Andrew Yager, Managing Director</b> <i>MACS (Snr) CP BCompSc MCP</i><br>Real World Technology Solutions Pty Ltd - IT people you can trust<br>ph: 1300 798 718 or (02) 9037 0500<br>fax: (02) 9037 0591<br>
<a href="http://www.rwts.com.au/" target="_blank">http://www.rwts.com.au/</a><u></u><u></u></p></div></div></div></div></div></div><br>_______________________________________________<br>
AusNOG mailing list<br>
<a href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a><br>
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
<br></blockquote></div><br></div>