Re: UUNet Offer New Protection Against DDoS

[Danny McPherson <danny () tcb net>]

On Mar 3, 2004, at 11:24 AM, Stephen Perciballi wrote:
> To the best of my knowledge, MCI/UUNET ~was~ the first to implement 
> this.  I've
> been using it for well over a year now.

Indeed.  One could even get "fancy" and set of different community
sets to allow customers to drop traffic only on peering routers (as
opposed to customer or all routers, etc..).  The "Customer-Triggered
Real Time Blackhole" tutorial that Chris, Tim and I gave in Miami
talks about how to go about doing this.

One step further is uRPF coupling with blackhole routing for sourced-
based drops, though I suspect you probably won't want to do this
with customers :-)

Finally, the BGP Flow Specification stuff provides a start at a more
granular BGP-based method by employing new AFI/SAFI.  If you've got
feedback please pass it along.

http://www.tcb.net/draft-marques-idr-flow-spec-00.txt

-danny