We have had a DOS attack for over 12 hours. I simply want them to null route or black hole an address. The traffic is filling one of our circus with them.
The farthest I got was them telling me they can’t do route changes because we’re not public safety.
Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373
If you BGP neighbor with them you can send-community /32 advertisement to them, and the will remotely black hole it
Aaron
Is this the right Spectrum? There's one that's aka Wave and are pretty good and incredibly responsive to abuse reports, and then there's Spectrum Cable/Charter, which is on par with residential Comcast service.
well, my comment about ddos rtbh using /32 BGP community is with regard to my provider spectrum which was previously time warner cable/charter AS 11427 is who I peer with
Aaron
I do BGP with them, but of course the issue is an IP that they route to me.
My issue is with ASN 10796
The /32 should override any static route they are sending you with a larger prefix.
But if they route it to me and I null it, the traffic is already fillimg my pipe (which is my issue).
Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373
Your upstream provider is null routing it when you send them the command via BGP, no longer filling your pipe.
Your upstream should have provided you with BGP backhole community where you tag your /32 and they propagate the BGP BH to all their upstream providers.
The IP is their routing to me. It’s not BGP.
Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373
They don’t do communities to my knowledge. At this point they won’t do anything unless I’m public safety.
Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373
That’s where you confuse me Josh, if you do BGP with them wouldn’t it be your advertisement to them that’s causing them to route to you. In other words, aren’t they only routing packets to you for prefixes that you advertise via BGP to them?
Aaron
That’s where you confuse me Josh, if you do BGP with them wouldn’t it be
your advertisement to them that’s causing them to route to you. In other
words, aren’t they only routing packets to you for prefixes that you advertise
via BGP to them?
Unless of course the point-to-point between spectrum and Josh is under attack...?
Attack is back on. If there’s anyone out there that works at Spectrum and can do a route change and hopefully share some info on BGP communities I would greatly appreciate hearing from you.
Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373
Got a hold of someone, finally! All you have to do, if it’s done through BGP, is set a community to 10796:666
This was setup as Time Warner Cable but is Spectrum today. The people I spoke with had been with Time Warner Cable for years before the acquisition/name change.
Yeah but you can't just call it "spectrum" because there's at least 3 totally different AS numbers that could be called that. Call them TWC or by their AS number for faster results.
I’m glad you got it figured out with the right people at spectrum. When I was sitting up ddos rtbh with my 3 isp’s , I remember spectrum (fka twc/charter) was difficult to get the right person on the phone to help me understand what I needed to do. I had to go through layers of phone attendants and groups to get to someone who knew about ddos rtbh.
Btw, I’ve wondered about using sp-neutral(agnostic) forms of ddos rtbh… maybe cymru utrs combined with fastnetmon for immediate mitigation without human intervention. I’d really like to get there.
Aaron
Just saw this (dealing with a different issue) and thought I would keep all the information in one conversation.
I now have to use the community: 7843:666 to black hole. I peer with 10796.
I don’t know where the line is, but since there are multiple ASNs with “Spectrum” or whatever company you want to call it. My billing and administration is all Charter, circuit id is TWCC.