nanog mailing list archives

Re: engineering --> ddos and flooding


From: "Sykes, Phil" <Phil.Sykes () cweurope net>
Date: Fri, 1 Jun 2001 20:50:24 +0200


Ooh, a good idea (or is it just late on Friday?)

Two possible Achilles heels with this approach are that the multihop bgp
session between the customer and the ISP's low end router may die under
the flood of the attack.
Also the low end router could drop its IBGP peering if it
becomes too flooded with the now redirected traffic.

 I think an appropriately secured web-based interface would be better than
multihop-BGP trickery, for the 'death of the customer connection' reason.
I'd hope every responsible noc operator has at least 5 backup dialup
accounts on other people's networks to access the webpage through.

 Perhaps the low-end router (or Zebra running box) on the ISP's side could
advertise the routes internally to the ISP network with a next-hop of a big
router that can take the pain (or a security box that can log the packets).
 Alternatively, a route-map on each router in the network could null route
any route advertisement with a nullroute community (curses, thought of it a
couple of seconds too late :-)

Cheers,

Phil Sykes, Network Engineer
Cable & Wireless European IP Engineering
p: +49 89 92699 204 m: +49 172 89 79 727
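
The route-map idea in the message above, sketched as an added example in Cisco IOS-style syntax; it is not configuration from the original post or from any network it describes. The AS number 64512, the community 64512:666, the discard address 192.0.2.1, the trigger-router address 10.0.0.1 and all object names are assumptions chosen for illustration.

```cisco
! Added example. All values are constructed for illustration:
!   AS 64512, community 64512:666, discard next hop 192.0.2.1,
!   trigger router (the low-end or Zebra box) at 10.0.0.1.
!
! Show and match communities in AA:NN form.
ip bgp-community new-format
!
! 1. Anything whose next hop resolves to 192.0.2.1 is dropped on this router.
ip route 192.0.2.1 255.255.255.255 Null0
!
! 2. Name the "nullroute" community.
ip community-list standard NULLROUTE permit 64512:666
!
! 3. Routes tagged with the community get the discard next hop;
!    every other route passes through unchanged.
route-map FROM-TRIGGER permit 10
 match community NULLROUTE
 set ip next-hop 192.0.2.1
route-map FROM-TRIGGER permit 20
!
! 4. Apply the policy inbound on the iBGP session to the trigger router.
router bgp 64512
 neighbor 10.0.0.1 remote-as 64512
 neighbor 10.0.0.1 route-map FROM-TRIGGER in
```

With this on every router, a tagged advertisement is discarded at the first router the traffic reaches rather than being carried to the low-end box. The trigger router should accept the community only on prefixes that belong to the customer announcing them, so one customer cannot null-route another's address space.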

