North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Effective ways to deal with DDoS attacks?
On Wed, 1 May 2002, dies wrote: > > > Then you are pushing out /32's and peers would need to accept them. Then > someone will want to blackhole /30's, /29's, etc. Route bloat. Yum! > Yes. > Additionally you are creating a way to basically destroy the Internet as a > whole. One kiddie gets ahold of a router, say of a large backbone > provider, takes one of their aggregate blocks (/16? /10? /8?) and splits > it into /32 announcements. > Or, blackhole the /16 :) more fun! (assuming no other smaller announcements inside that /16 of course) > Anyways, some providers already allow you to set a community on a route, > and they will inturn "blackhole" it for you. I believe Teleglobe does > this for some customers and I know UUNet does this for all customers. Hmm, Mr. 'dies' is almost correct... if you are a UUNET customer and you would like to do this please call the customer service center and they will help you to configure this 'service'. Thanks though Mr. 'dies' :) > > On Wed, 1 May 2002, Wojtek Zlobicki wrote: > > > > > > > What processes and/or tools are large networks using to > > > > identify and limit the impact of DDoS attacks? > > > > > > A great deal of thought is being expended on this question, I am certain, > > > however, how many of these thought campaings have born significant fruit > > yet, > > > I do not know. > > > > How about the following : > > > > We develop a new community , being fully transitive (666 would be > > appropriate ) and either build into router code or create a route map to > > null route anything that contains this community. The effect of this being > > the distribution of the force of the attack. > > > > This aside, how effective would be using a no export community with ones > > peers (being non transitive, it would still distribute the force of the > > attack). > > > > > > >
|