nanog mailing list archives

Re: Effective ways to deal with DDoS attacks?


From: Iljitsch van Beijnum <iljitsch () muada com>
Date: Sun, 5 May 2002 09:44:10 +0200 (CEST)


On Sun, 5 May 2002, Christopher L. Morrow wrote:

> > like with single homed customers. The only time when those sets of
> > prefixes is NOT the same is for a backup connection. But if a connection
>
> Not always the case, customer behaviour can not be accurately modeled.
>
> I was hoping someone else might mention this, BUT what about the case of
> customers providing transit for outbound but not inbound traffic for their
> customers? We have many, many cases of customers that are 'default
> routing' for their customers that get inbound traffic down alternate
> customers or peers or wherever...

Is there a compelling reason you should allow this? If yes, you can't use
uRPF and you have to install an ACL to do sanity checking on the
customer's source addresses. If no, they'll have to announce those routes
to you. If they set the no export community they still won't get any
inbound traffic to speak of.

> uRPF seems like a not so good solution
> for these instances :( especially since some of these are our worst
> abusers :(

Well if these are your worst abusers, it seems to me uRPF is exactly what
those customers need.  ;-)
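
The two options in the reply above, modelled as an added example that is not part of the original message: strict uRPF against a static source ACL on a customer port whose downstream prefix is reachable via a peer, and then the same check once the customer announces that prefix. Interface names, the ACL contents and the RFC 5737 prefixes are constructed assumptions.

```python
import ipaddress

# Constructed routing table of the provider's edge router: prefix -> egress
# interface. Interface names and prefixes (RFC 5737 ranges) are assumptions.
RIB = {
    "192.0.2.0/24": "cust-a",      # announced by the customer itself
    "198.51.100.0/24": "peer-x",   # customer's downstream, reachable via a peer
    "0.0.0.0/0": "upstream",
}
# Hand-maintained source filter for the cust-a interface.
CUST_A_ACL = ["192.0.2.0/24", "198.51.100.0/24"]


def best_interface(rib, addr):
    """Longest-prefix match: interface the router would use to reach addr."""
    ip = ipaddress.ip_address(addr)
    matches = [ipaddress.ip_network(p) for p in rib if ip in ipaddress.ip_network(p)]
    if not matches:
        return None
    return rib[str(max(matches, key=lambda n: n.prefixlen))]


def strict_urpf_permits(rib, in_iface, src):
    """Strict uRPF: the route back to src must point out the arrival interface."""
    return best_interface(rib, src) == in_iface


def acl_permits(acl, src):
    """Static sanity check: src must fall inside a prefix listed for the customer."""
    ip = ipaddress.ip_address(src)
    return any(ip in ipaddress.ip_network(p) for p in acl)


def evaluate(rib):
    """Return {source: (uRPF verdict, ACL verdict)} for packets arriving on cust-a."""
    sources = ["192.0.2.10", "198.51.100.20", "203.0.113.7"]  # last one is spoofed
    return {s: (strict_urpf_permits(rib, "cust-a", s), acl_permits(CUST_A_ACL, s))
            for s in sources}


if __name__ == "__main__":
    print("routes not announced:", evaluate(RIB))
    # Option two from the reply: the customer announces the downstream prefix,
    # so the route now points at cust-a (assumes the customer route is preferred).
    print("routes announced:    ", evaluate({**RIB, "198.51.100.0/24": "cust-a"}))
```

With the downstream prefix learned only from the peer, strict uRPF drops the legitimate 198.51.100.20 traffic while the ACL passes it; once the prefix is announced on the customer session both checks agree, and the spoofed source is rejected in every case.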

