nanog mailing list archives

RE: ONS - The few the proud ... the sleeping

From: <michael.dillon () bt com>
Date: Thu, 16 Aug 2007 16:00:36 +0100

Unless all these bots are directly connected (direct 
customer) and concentrated on one portion of the network (not 
spread across the entire access layer) I can't imagine with 
the tools, features, products, etc that are available today 
(that can almost manage dDoS attacks for you) that it 
couldn't be mitigated.  5-6 years ago this would have been a 
lot tougher, but it was still doable.


Remote triggered BGP blackhole filtering comes to mind
ftp://ftp-eng.cisco.com/cons/isp/security/Remote-Triggered-Black-Hole-Fi
ltering-02.pdf

And if the bots are directly connected or concentrated in one point of
the network, it seems to me that simple ACLs can mitigate the attack.

I agree that DDoS is not likely to take down a network big enough to be
called a backbone unless there is some kind of unforeseen side effects
to the DDoS.

--Michael Dillon

Current thread:

Re: ONS - The few the proud ... the sleeping, (continued)
- - - Re: ONS - The few the proud ... the sleeping Jeff Aitken (Aug 16)
    - Re: ONS - The few the proud ... the sleeping bmanning (Aug 16)
    - Message not available
    - Re: ONS - The few the proud ... the sleeping Valdis . Kletnieks (Aug 16)
  - Re: ONS - The few the proud ... the sleeping Valdis . Kletnieks (Aug 15)
    - Re: ONS - The few the proud ... the sleeping J. Oquendo (Aug 16)
    - Re: ONS - The few the proud ... the sleeping Jason LeBlanc (Aug 16)
    - Re: ONS - The few the proud ... the sleeping Stephen Wilcox (Aug 16)
    - Re: ONS - The few the proud ... the sleeping J. Oquendo (Aug 16)
    - RE: ONS - The few the proud ... the sleeping michael.dillon (Aug 16)
    - Re: ONS - The few the proud ... the sleeping Jason LeBlanc (Aug 16)
    - RE: ONS - The few the proud ... the sleeping michael.dillon (Aug 16)
    - Re: ONS - The few the proud ... the sleeping Stephen Wilcox (Aug 17)