|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Effective ways to deal with DDoS attacks?
On Wed, 1 May 2002, Wojtek Zlobicki wrote: > > > > What processes and/or tools are large networks using to > > > identify and limit the impact of DDoS attacks? > > > > A great deal of thought is being expended on this question, I am certain, > > however, how many of these thought campaings have born significant fruit > yet, > > I do not know. > > How about the following : > > We develop a new community , being fully transitive (666 would be > appropriate ) and either build into router code or create a route map to > null route anything that contains this community. The effect of this being > the distribution of the force of the attack. How about no. How about you do this inside YOUR network, perhaps get an agreement with your peers to accept a /32 route from you and you can do it with your peers also in times of need... There is something ominous about 'automagically propogating' a blackhole route. 1) I hack connected ISP X 2) I inject www.ebay.com /32 blackhole route 3) no more ebay I use ebay as an example of course, I wouldn't want them harmed cause how would I be able to buy all that nice routing gear at bargain basement prices without them? :) > > This aside, how effective would be using a no export community with ones > peers (being non transitive, it would still distribute the force of the > attack). For YOUR PEERS this is a fine idea, provided this fits with your peer's edge policies and doesn't step on his already-used community.
|