nanog mailing list archives
Re: New Solution: (was: Re: Counter DoS)
From: Barney Wolff <barney () databus com>
Date: Thu, 11 Mar 2004 21:06:43 -0500
On Thu, Mar 11, 2004 at 05:17:35PM -0500, Deepak Jain wrote:
> Just like the blackhole community routes, certain /32s (only, nothing shorter) can be exported from the customer to the backbone to be blackholed at the edges. The twist is that instead of limiting the customer announcement to the customer's IPs, you force only /32s to be announced for the blackhole prefixes and limit the total number of prefixes. Say 100 (or 10, or 1000; depends how much trust you have). So say joe-customer has identified his top 50 DDOS sources, he announces them to you, voila, DDOS gone (even for spoofed traffic, depending on how your filters are set up). Obviously these would be no-export routes so no peer need be worried.

1. Why is BGP the right tool for this?
2. Is your idea to block only packets destined for the customer making the request, or to 0/0?

--
Barney Wolff http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.
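
The acceptance rules in the quoted proposal (only /32s, a cap on the number of prefixes, no-export on everything accepted), modeled as an added example that is not part of either post. The class and function names, the cap of 3 used in the demo, and the documentation-range addresses are constructed for illustration; this models the filter logic only, not any router's configuration.

```python
import ipaddress

NO_EXPORT = "no-export"  # well-known BGP community (RFC 1997)


class BlackholeFeed:
    """Per-customer acceptance filter for blackhole announcements (hypothetical model)."""

    def __init__(self, max_prefixes=100):
        self.max_prefixes = max_prefixes   # cap scales with trust in the customer
        self.routes = {}                   # accepted /32 -> set of communities

    def announce(self, prefix):
        """Return (accepted, reason) for one customer announcement."""
        try:
            net = ipaddress.ip_network(prefix, strict=True)
        except ValueError:
            return False, "malformed"
        # Only IPv4 host routes: anything shorter than /32 is refused.
        if net.version != 4 or net.prefixlen != 32:
            return False, "not-a-/32"
        if net in self.routes:
            return True, "duplicate"       # re-announcement uses no extra slot
        if len(self.routes) >= self.max_prefixes:
            return False, "prefix-limit"
        # Accepted routes are always tagged so they never reach a peer.
        self.routes[net] = {NO_EXPORT}
        return True, "installed"

    def withdraw(self, prefix):
        """Remove a route and free its slot; return True if it was present."""
        return self.routes.pop(ipaddress.ip_network(prefix), None) is not None


def run_demo():
    """Feed a constructed batch through a feed capped at 3 prefixes."""
    feed = BlackholeFeed(max_prefixes=3)
    batch = ["198.51.100.7/32", "198.51.100.0/24", "203.0.113.9/32",
             "198.51.100.7/32", "2001:db8::1/128", "192.0.2.55/32",
             "192.0.2.56/32"]
    return [(p, *feed.announce(p)) for p in batch], feed


if __name__ == "__main__":
    for prefix, ok, reason in run_demo()[0]:
        print(f"{prefix:20} {'accept' if ok else 'reject'}  {reason}")
```

The model leaves open the second question in the reply: whether a matched source is dropped only toward the announcing customer or toward every destination is decided by where and how the edge filter is applied, not by the acceptance check.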