nanog mailing list archives
RE: attacking DDOS using BGP communities?
From: alex () yuriev com
Date: Fri, 18 Oct 2002 10:43:24 -0400 (EDT)
Interesting -- I was actually having a conversation about this very same thing with a friend of mine a few days ago. The problem we had was that he had next-hop-self on all of his iBGP mesh routers. Does that not make it difficult to put an IP next-hop in? Also, would that IP next-hop be propagated throughout his mesh or would that same route-map have to be present on all the edge routers? The other thing we were toying with was setting the administrative distance for said black-holed route to be less than that of his IGP and having his IGP route to 127.0.0.1 or something.
Again, by doing this you are denying service since you are dropping all the packets addressed to the target. Such protection mounts another DOS attack on the target, this time by preventing any packets traveling through your network from reaching the targets, as opposed to preventing DDOS from using your network. If such a system is implemented, the DOS attacks will become a lot harder to trace and chase after, since the attackers will simply trigger target blackholing.
Alex