North American Network Operators Group

Re: Effective ways to deal with DDoS attacks?
On Wed, May 01, 2002 at 10:15:44PM -0400, Leo Bicknell wrote:
>
> In a message written on Wed, May 01, 2002 at 08:17:04PM -0500, dies wrote:
> > Then you are pushing out /32's and peers would need to accept them. Then
> > someone will want to blackhole /30's, /29's, etc. Route bloat. Yum!
>
> I'm not sure what form this would take, but I have long wished
> route processing could be sent into a "programming language". For
> this specific example it would be nice to set a maximum number of
> route limit for the total number of routes on the session, as well
> as /per community/.

Agreed wholeheartedly. But then you'd have to have network engineers who
could program (and no perl doesn't count). :)

> That is, community xxxx:666 == blackhole me, and I could limit each
> peer to say, 6 of these at a time. More would not take down the
> session, but simply be ignored.
>
> I can carry 6 /32's for every peer I have, and if they only have
> 6, they will probably use them for the most abusive target.

I give it 2 months, then they'll start hitting random dst IPs in a target
prefix (say a common /24 going through the same path).

--
Richard A Steenbergen <[email protected]> http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
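The per-peer, per-community route limit discussed in the message above, modelled as an added example that is not part of the original thread. The community value 64500:666 is a constructed stand-in for the thread's xxxx:666, the class and function names are hypothetical, restricting to IPv4 host routes is an assumption, and the prefixes are constructed documentation addresses.

```python
import ipaddress
from collections import defaultdict

BLACKHOLE = "64500:666"  # constructed stand-in for the thread's xxxx:666

class BlackholePolicy:
    """Per-peer limit on blackhole routes; excess is ignored, session stays up."""

    def __init__(self, limit=6):  # 6 per peer, the figure used in the thread
        self.limit = limit
        self.active = defaultdict(set)  # peer -> accepted blackhole prefixes

    def announce(self, peer, prefix, communities):
        if BLACKHOLE not in communities:
            return "normal"  # not a blackhole request; ordinary policy applies
        net = ipaddress.ip_network(prefix, strict=False)
        # Assumption: only IPv4 /32 host routes qualify for blackholing.
        if net.version != 4 or net.prefixlen != 32:
            return "ignored-not-host-route"
        if net in self.active[peer]:
            return "blackholed"  # re-announcement consumes no new slot
        if len(self.active[peer]) >= self.limit:
            return "ignored-over-limit"  # dropped quietly, no session reset
        self.active[peer].add(net)
        return "blackholed"

    def withdraw(self, peer, prefix):
        # A withdrawal frees the slot so the peer can move it to a new target.
        self.active[peer].discard(ipaddress.ip_network(prefix, strict=False))

def replay(policy, peer, updates):
    """Apply (op, prefix) updates from one peer and return the decisions."""
    out = []
    for op, prefix in updates:
        if op == "A":
            out.append(policy.announce(peer, prefix, {BLACKHOLE}))
        else:
            policy.withdraw(peer, prefix)
            out.append("withdrawn")
    return out

# Constructed sample: eight host routes in one /24, a withdraw and retry,
# then an attempt to blackhole the whole /24.
SAMPLE = [("A", f"192.0.2.{i}/32") for i in range(1, 9)]
SAMPLE += [("W", "192.0.2.1/32"), ("A", "192.0.2.8/32"), ("A", "192.0.2.0/24")]

if __name__ == "__main__":
    decisions = replay(BlackholePolicy(), "peer-a", SAMPLE)
    for (op, pfx), verdict in zip(SAMPLE, decisions):
        print(op, pfx, verdict)
```

With the sample input, the seventh and eighth host routes are ignored while the session state is untouched, which is the case the reply anticipates when traffic is spread across many addresses in one /24.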