DDoS (Distributed Denial of Service) attacks are getting larger, more sophisticated, and more pervasive. Just today (October 21, 2016), DDoS attacks against Dyn, Inc. have impacted the availability of sites such as Twitter, Netflix, GitHub, and Spotify.

Typical DDoS mitigation strategies rely on defending the victim (destination) as close to the destination as possible. This can happen in a number of ways.

One defense strategy is to redirect traffic destined to the victim through an alternative network that is designed to identify malicious traffic and drop it before sending the legitimate traffic on to the victim. This generally works well for volumetric or protocol-based attacks. However, it requires that a network with a vast amount of capacity be available and sitting idle, except in times of attack.

Another defense strategy is to utilize network and application firewalls, sitting in front of the destination, to identify the malicious traffic and drop it before sending the legitimate traffic to the destination. This generally works fine for some protocol- and application-based attacks.

Then, in some cases, volumetric attacks are so large that they completely overwhelm the destination network. In this case, the operators of the destination network use a BGP community, known as Remote Triggered Black Holes (RTBH), to tell their upstream service providers to drop traffic destined to the victim before it even reaches the destination network. The victim is sacrificed for the availability of the rest of the network. This is typically the worst-case scenario, as the victim still goes offline, conceding a victory to the attacker.
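The destination-based RTBH decision described above, as an added example that is not part of the original post: it picks which victim host routes to announce with a blackhole community and shows what load remains afterwards. The addresses, rates, trigger ratio and function names are constructed assumptions; 65535:666 is the well-known BLACKHOLE community from RFC 7999, and many providers define their own value instead.

```python
import ipaddress

# RFC 7999 well-known BLACKHOLE community (providers often use their own).
BLACKHOLE_COMMUNITY = "65535:666"

# Constructed sample data: documentation prefixes and made-up rates.
OUR_PREFIXES = [ipaddress.ip_network("203.0.113.0/24")]
UPLINK_CAPACITY_BPS = 10_000_000_000
SAMPLE_RATES_BPS = {
    "203.0.113.10": 42_000_000_000,  # target of a volumetric flood
    "203.0.113.20": 300_000_000,     # normal traffic
    "198.51.100.7": 50_000_000_000,  # bad telemetry: not our address space
}

def owned(dest, our_prefixes):
    """True if dest lies inside a prefix we originate."""
    addr = ipaddress.ip_address(dest)
    return any(addr in net for net in our_prefixes)

def select_blackholes(rates_bps, our_prefixes, capacity_bps, trigger_ratio=0.8):
    """Return RTBH announcements for owned destinations whose inbound
    rate reaches trigger_ratio of the uplink capacity."""
    announcements = []
    for dest, bps in sorted(rates_bps.items()):
        # Never blackhole space we do not originate; upstreams should
        # reject such routes, and the trigger should not emit them.
        if not owned(dest, our_prefixes):
            continue
        if bps < capacity_bps * trigger_ratio:
            continue
        addr = ipaddress.ip_address(dest)
        announcements.append({
            # Host route only: sacrifice one victim, not the whole prefix.
            "prefix": f"{addr}/{addr.max_prefixlen}",
            "community": BLACKHOLE_COMMUNITY,
            "observed_bps": bps,
        })
    return announcements

def surviving_load(rates_bps, our_prefixes, announcements):
    """Traffic still reaching our uplink once upstreams drop the victims."""
    dropped = {a["prefix"].split("/")[0] for a in announcements}
    return sum(bps for dest, bps in rates_bps.items()
               if owned(dest, our_prefixes) and dest not in dropped)

if __name__ == "__main__":
    routes = select_blackholes(SAMPLE_RATES_BPS, OUR_PREFIXES, UPLINK_CAPACITY_BPS)
    print(routes, surviving_load(SAMPLE_RATES_BPS, OUR_PREFIXES, routes))
```

The flooded host is the only route announced, so the uplink recovers while that one address goes dark, which is the trade-off the paragraph describes.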

These countermeasures obviously are not going to scale with ever-growing attacks. This is why we need the architects and builders of the Internet to come together to standardize on a new method of defending against these attacks. We need a global community of real-time analytics that identifies malicious sources and uses RTBH techniques to automatically take the offending sources off the Internet, instead of the victims. This technique will require that every Internet provider agree on a standard, and abide by it.


I’ve recently been experiencing issues with my IPv6 Tunnel with Tunnelbroker.net. While doing some searching on the Internet, I ran across this forum thread on AT&T, with users experiencing the same issue.

It appears that AT&T is blocking SIT and GRE tunnels purposely – which have very legitimate purposes. After reading the forum thread, I filed a complaint with the FCC about AT&T violating network neutrality rules. I then posted my actions on the thread and listed the FCC complaint reference number – 13-C00539997.

Shortly after, AT&T removed the reference number from my post. I then edited the post and added it back. The AT&T moderator then removed it again and sent me a private message stating that I wasn’t allowed to post personal information. I replied back to her message and stated that it wasn’t personal information and that it was an FCC complaint reference number. After sending the message, I again edited the post and added the reference number back, and told the moderator, by name, to not remove the reference number.

Now, I’m banned from the thread, and I got a nice nastygram from the AT&T moderator:

Hello,

Your post was removed per Guidelines:

Keep it Relevant and Appropriate
For everyone's benefit please stay on topic. These Community Forums are provided to encourage knowledge-sharing of AT&T products and services with others. Please refrain from discussing personal matters or, in general, from posting content in a manner unrelated to the resolution of issues regarding AT&T products and services. Other inappropriate or unacceptable behavior includes: a) discussing how to violate any policy or agreement entered into with AT&T for any product or service, b) posting content which is created solely to “bump” an existing topic or to evade the word filter or site logic; c) double-posting or cross-posting; and d) discussing participant bans or other Moderator actions. The Community Forum is not a venue for discussion of legal matters. Therefore, no such discussions are permitted. We reserve the right to delete inappropriate material.

With customer service like this, my FCC complaint will be for nought, as I’m just going to boycott AT&T products altogether. So long, AT&T, you’ll hardly be missed.

Update:

I received another private message, this time from another forum moderator.

Hello jtdub,
 
We have set your account to Read-Only Status.
 
In order to reinstate your posting permissions, you must review the User Guidelines and reply to this message indicating you have read and agree to those user Guidelines.
 
Once we receive your reply, your posting permissions will be reinstated in 48 hours.
 
This action has been taken because you have violated multiple sections of the Guidelines numerous times despite being previously warned.
 
Please be advised that further violations may result in the permanent removal of your posting permissions.
 
The AT&T Moderator Staff

Here is my response:

I only violated the guideline of talking about why I was being moderated. Period. I did not violate the term of posting personal information, which initiated my rant. I do not agree with the terms of the guidelines and I do not agree with the horrible customer service actions that were taken against me. In the end, all is for naught. AT&T has lost me as a loyal customer of the past 15 years. No longer will I use AT&T. I'll be calling on Monday to cancel my service. Nor will I recommend it to friends, family, and colleagues. The forum moderation is horrendous and I will not soon forget this.
 
Regards,
 
James