North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical RE: UUNet Offer New Protection Against DDoS
XO set up a similar customer community last year for our customers to trigger their own black hole at our edge. There is no such thing as an original idea. :) This "promised response" probably means if you press 3 on your phone, you will get a CSR to open a ticket within 15 minutes. Sounds like nice marketing. Jason > -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf Of > Stephen Perciballi > Sent: Wednesday, March 03, 2004 12:25 PM > To: Andy Ellifson > Cc: [email protected] > Subject: Re: UUNet Offer New Protection Against DDoS > > > > To the best of my knowledge, MCI/UUNET ~was~ the first to implement this. > I've > been using it for well over a year now. > > The community is 701:9999. Any route you tag with that community gets > dropped > accross the entire 701 edge. Feel free to contact support and tell them > you > want to setup the blackhole community if you are having any troubles. > > [Wed, Mar 03, 2004 at 08:34:00AM -0800] > Andy Ellifson Inscribed these words... > > > > > > When I first saw this post I thought that MCI/UU.Net implemented some > DDOS > > BGP community strings like CW implemented a month ago. If only all of > my > > upstreams would have this type of BGP Community string my life would be > made > > easier. Here is the customer release letter from from CW dated Januray > 23, > > 2004: > > > > Dear Customer, > > > > If you have received this email, you are either a direct customer of > > AS3561, (i.e. you have registered a route object for a customer of > AS3561), > > or are listed in the maintainer of a customer of AS3561. > > > > AS3561 has implemented a blackhole/DDoS community string based solution > to > > aid customers in the mitigation of DoS attacks. If you are currently > running > > BGP with us, you will be able to use this feature. > > > > If you advertise a prefix (route) to us with the community string > > 3561:666, we will NULL route or 'blackhole' all traffic destined to that > > prefix. The prefixes accepted are based on the current prefix-list > generated > > for you. Instead of doing exact match filtering, we will accept any > prefix > > (more "specific") within your address block(s). e.g. if you have > > 192.168.0.0/16 registered, we will accept 192.168.0.0/16 upto /32 as > long as > > the 3561:666 community string is attached. > > > > Please ensure you are configured to send community strings and > understand > > the impact of errant advertisements. Diligence should be used when > > administrating this feature. Once the prefix is received and propagated > > within AS3561, all traffic destined to the prefix will be discarded and > the > > blackholing of traffic will continue as long as DDoS community string is > > being advertised. Neither Cable & Wireless nor AS3561 will be held > liable > > or responsible for customers who errantly advertise prefixes with the > > blackhole community string. > > > > If you wish to utilize this feature, you can verify our acceptance of > the > > advertised prefix by querying the AS3561 route server located at > > http://lg.cw.net. > > > > Please remember, we require you to complete a priority one incident > report > > at http://www.security.cw.net (Report an Incident) and include details > of the > > > > attack. An email describing further details of the attack can be sent to > > [email protected], please include the incident report number in the > subject to > > assist in the tracking and documentation of the incident. This will > ensure > > the attack is properly administrated handled by our Security and Legal > > Groups. > > > > > > > > --- John Obi <[email protected]> wrote: > > > Hello Nanogers! > > > > > > I'm happy to see this, and I hope C&W, Verio, and Level3 ..etc will do > the > > > same! > > > > > > MCI/WorldCom Monday unveiled a new service level agreement (SLA) to > help IP > > > services customers thwart and defend against Internet viruses and > threats. > > > > > > http://informationweek.securitypipeline.com/news/18201396 > > > > > > It's the right time before it's too late! > > > > > > Regards, > > > > > > -J > > > > > > > > > --------------------------------- > > > Do you Yahoo!? > > > Yahoo! Search - Find what you're looking for faster. > > > > -- > > Stephen (routerg) > irc.dks.ca
|