nanog mailing list archives
Re: attacking DDOS using BGP communities?
From: Saku Ytti <saku+nanog () ytti fi>
Date: Fri, 18 Oct 2002 10:43:52 +0300
On (2002-10-18 00:15 -0400), John Fraizer wrote:
2) 'TTL' community. -just think about the amount of route-maps :>Whoa. Decrementing a single community integer value while leaving others unchanged would seem to be a bit tricky. This would require much more work on the part of others than the first suggestion and I think it would attract far fewer participants for that matter.
Actually would it matter if it wouldn't be additive change? Since it would be diagnostic/special case. But of course it would be trivial for the vendors to add support for changing the communities this way, if this could be performed as a additive change you could offer your customers automaticly partial visiblity under DOS attack until it's resolved rather than 0 visibility. Not to mention how much it would ease pinpointing faulty/aggressive parties thus in long run it could have very positive effect for things like proper anti-spoofing configurations. -- ++ytti
Current thread:
- attacking DDOS using BGP communities? Saku Ytti (Oct 17)
- Message not available
- Re: attacking DDOS using BGP communities? Saku Ytti (Oct 18)
- Message not available
- Re: attacking DDOS using BGP communities? Saku Ytti (Oct 18)
- Re: attacking DDOS using BGP communities? Saku Ytti (Oct 18)
- Message not available
- Re: attacking DDOS using BGP communities? Iljitsch van Beijnum (Oct 22)
- Re: attacking DDOS using BGP communities? Hank Nussbacher (Oct 22)
- <Possible follow-ups>
- RE: attacking DDOS using BGP communities? Frank Scalzo (Oct 18)
- RE: attacking DDOS using BGP communities? Jason Lixfeld (Oct 18)
- RE: attacking DDOS using BGP communities? alex (Oct 18)
- RE: attacking DDOS using BGP communities? Christopher L. Morrow (Oct 18)
- RE: attacking DDOS using BGP communities? alex (Oct 18)
- RE: attacking DDOS using BGP communities? Jason Lixfeld (Oct 18)