nanog mailing list archives
Re: ICANN Targets DDoS Attacks
From: Alex Bligh <alex () alex org uk>
Date: Mon, 04 Nov 2002 16:52:17 -0000
>> -----> a very small percentage cud be blocked if u were willing to link this to BGP learnt networks..at least those are "complete networks", not subnetted.... of course it's a very small portion, mebbe u cud ask guys to send more specific BGP routes from now....
I am assuming you mean 'mark /32's for broadcast addresses as specifics in BGP', or 'propagate subnets in BGP which are the actual networks as more specifics in which case the broadcast address (& network address) are obvious'. But if you are clueful enough to determine which downstream (possibly customer) IPs are broadcast, and those still have directed broadcast switched on (for instance as customer claims it's "impossible" to turn off), then why not just drop all traffic to them rather than push the routes around.

I have never had customers (used as reflectors) complain that traffic to their network/broadcast addresses was dropped. In 'a network with which I was involved', this was standard response if customers didn't block directed broadcasts quickly. I seem to recall we used exactly the same blackholing technique (propagate /32s internally in BGP only with community tag to ensure traffic is next-hopped to the bit bucket) as we used to drop other malicious traffic, so it all got dropped at the border rather than at the CPE.

Alex Bligh
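The following is an added example, not part of the original message or of any network's real tooling: it derives the network and directed-broadcast addresses from a customer's actual subnets and builds the internal /32 blackhole routes the message describes. The discard next hop, the community value, the route record layout and the sample subnets are assumptions constructed for illustration.

```python
import ipaddress

# Assumptions (not from the original message): the discard next hop, the
# community value and the sample subnets below are constructed placeholders.
DISCARD_NEXT_HOP = "192.0.2.1"            # statically routed to the bit bucket on each border router
COMMUNITIES = ("64512:666", "no-export")  # internal blackhole tag; no-export keeps it inside the AS


def amplifier_addresses(net):
    """Network and directed-broadcast address of an IPv4 subnet, or [] for /31 and /32."""
    if net.prefixlen >= 31:  # /31 and /32 have no separate network/broadcast address
        return []
    return [net.network_address, net.broadcast_address]


def is_usable_host(addr, net):
    """True if addr is an ordinary host address inside net."""
    return addr in net and addr not in amplifier_addresses(net)


def blackhole_routes(subnets):
    """Return (routes, conflicts) for the customer's actual subnets.

    An address is skipped and reported as a conflict when it is a usable host
    address in another listed subnet, which happens when an aggregate is
    listed alongside its real, smaller subnets.
    """
    nets = [ipaddress.IPv4Network(s, strict=True) for s in subnets]
    routes, conflicts = {}, []
    for net in nets:
        for addr in amplifier_addresses(net):
            clash = next((n for n in nets if is_usable_host(addr, n)), None)
            if clash is not None:
                conflicts.append((str(addr), str(clash)))
                continue
            routes[addr] = {"prefix": f"{addr}/32", "next_hop": DISCARD_NEXT_HOP,
                            "communities": COMMUNITIES}
    return [routes[a] for a in sorted(routes)], conflicts


SAMPLE_SUBNETS = ["198.51.100.0/25", "198.51.100.128/25",
                  "203.0.113.0/24", "203.0.113.64/26"]  # constructed sample input

if __name__ == "__main__":
    routes, conflicts = blackhole_routes(SAMPLE_SUBNETS)
    for r in routes:
        print(r["prefix"], "next-hop", r["next_hop"], "community", " ".join(r["communities"]))
    for addr, net in conflicts:
        print(f"skipped {addr}: usable host address in {net}")
```

The conflict list is the case to review by hand: it appears when the input mixes an aggregate with the real subnets, so the list of "actual networks" needs correcting before anything is dropped.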