@jherazob @leberschnitzel they already exist...

• Worst case fork #PoWshield as used by the fmr. admin of #IncognitoMarket if you don't want to work with your hoster/upstream to block #DDoS attacks through #blackholing and having a proper #Firewall setup!

I think it's bad #TechPopulism to think that #Anubis will fix all the issues.

• It's like #KernelLevelAnticheat, #Antivirus and #DRM: A hamfisted approach that harms legitimate users more than the bad actors!

Just block all the #GAFAMs ASNs & #hosters that host #Scrapers so the industry cracks down harder on them than on #IRC, #Tor #ExitNodes, #CSAM & #BitTorrent combined!

@varbin @f4grx @nixCraft @torproject Well, you can dynamically block them based off packet rate & amount of requests and rate-limit them as well as limit them in terms of transfer rate.

• Also #DDoS-Protection is something any decent #datacenter & #hoster offers (don't use value-removing middlemen like #CloudFlare as they are a #RogueISP who ain't even goox at their job!)

Not to mention you rarely see DDoS attacks from residential IPs and ISPs are quick to disconnect offending hosts upon reporting them, so worst-case one blocks a /24 for 24 hours.

• This doesn't even account for the fact that #Skiddie-Tools like #LOIC are easily dstinguishable and filter for.

Again: if this is a real problem, any decent datacenter / hoster / upstream will gladly pick up the phone or reply to your support request via mail.

• After all, they too don't like it when someone hammers their infrastructure, so they have a vested interest in #Blackholing bad traffic at the #IX level.

#DECIX even officially recommends that as a means to handle large-scale DDoS attacks and keep everyone else online.

• To me a "#Layer7" solution like #Anubis comes way too late as it already incurs billable traffic at many hosters and datacenters and we don't want to cough up money because of someone else trying to #blackmail us (which is the #1 reason for DDoS'ers to do so!)…

@LunaDragofelis Consider #blackholing entire #ASN|s like #aws and all the ofther #GAFAMs instead.

• It's the only way to stop these #DDoS attacks!

https://www.youtube.com/watch?v=Hi5sd3WEh0c

@osm_tech personally, I'd block all the #GAFAMs by their entire #ASN|s!

• Fuck the crawlers; #Blackholing of their #DDoS attacks is the only feasible option!

• Also send an #AbuseReport everytime they try that shite to them and all the providers from you till them...

@snow Maybe consider a provider that allows you to do #Blackholing?

• In fact that is something #DECIX advocates for: Stopping #DDoS at the #IX level!

#Contabo for example allows to book a dedicaded, managed #pfSense #Firewall woth their #dedicaded #Servers so you can just block entire ASNs aggressively.

• In my experience, blocking entire ASNs like #pfCloud, #CloudFlare, #DDoSguard, #aws and entire countries like Russia has been effective.

@lns you may be doing something right, but bots these days are targeting everything, everywhere - all the time. Doing some rough filtering at the edge helps to reduce the noise: https://lukasz.bromirski.net/bgp-blackholing/ & https://lukasz.bromirski.net/bgp-geo-blackholing/ #bgp #blackholing

@mad @coastgnu @TwraSun ich meine, das bewusste #ausblenden und #totschweigen hat ha auch schon bei @piratenpartei / #PIRATEN & @voltdeutschland / #Volt geklappt, also macht es nur Sinn für jene die gegen #Pluralismus und #Diversität sind dies gegen #GRÜNEN zu flexen.

• Deshalb bin ich dafür statt #5ProzentHürde eine dynamische Hürde von "mindestens 10 Parteien bzw. 1%, jedoch nicht mehr als 15 Parteien" zu etablieren.

Worst-Case wären schon jetzt ~ 19 Parteien a 5,01% möglich!

#DEpol #MediaBlackout #Blackholing

@jetsoft @hanse_mina #Funfact, i worked at several firms where #Geoblocking #Russia alongside "P.R." #China and #NorthKorea was part of their #ITsec protocol simply because otherwise they'd constantly get #DDoS'd or face hacking attempts.

• #BGP-#Blackholing traffic from entire ASNs helped a lot!

@7331 @torproject not to mention #DDoS over #Tor is lusy in comparison to #NTP-AMP-DDoS or just using a #Botnet instead.

It's not as if #Blackholing exist...

If You want to experiment with BGP FlowSpec on your router, there's alpha version of my BGP Blackholing FlowSpec server at 85.232.240.180 & 2001:1a68:2c:2::180. You'll get 1345 IPv4 FlowSpec AF prefixes and 45 in IPv6 FlowSpec AF. The rest of configuration is the same as in main project: https://lukasz.bromirski.net/bgp-blackholing/ Please ping me directly and share your feedback (with your platform details if possible - thanks!) #iosxr #pushdastuff #bgp #blackholing

@andreasdotorg if I were @internetarchive I'd limit the amount of traffic and connections #AWS can make to 1 per IPv4 & 1 per IPv6 @ 64kbit/s and automatically abuse-report and temporarily soft-block the source IPs via #blackholing [like any #DDoS] if not the entire #AWS #AS!

@hackdefendr I hope #DECIX and #ISP's have taken preventive measures and started #blackholing the attacks.

If not, @bsi & @BNetzA should get them to do it - now!

@jeff @BNetzA Good #ISP's and #Hoster will offer #blackholing and #Filtering of traffic - espechally #DDoS-Protection at no extra charge.

In these cases, providers that are #peering on #IX'es like #DECIX can just do #blackholing at the IX, facilitating it very efficiently.