|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical RE: ONS - The few the proud ... the sleeping
> Unless all these bots are directly connected (direct > customer) and concentrated on one portion of the network (not > spread across the entire access layer) I can't imagine with > the tools, features, products, etc that are available today > (that can almost manage dDoS attacks for you) that it > couldn't be mitigated. 5-6 years ago this would have been a > lot tougher, but it was still doable. Remote triggered BGP blackhole filtering comes to mind ftp://ftp-eng.cisco.com/cons/isp/security/Remote-Triggered-Black-Hole-Fi ltering-02.pdf And if the bots are directly connected or concentrated in one point of the network, it seems to me that simple ACLs can mitigate the attack. I agree that DDoS is not likely to take down a network big enough to be called a backbone unless there is some kind of unforeseen side effects to the DDoS. --Michael Dillon
|