nanog mailing list archives
Re: DDoS using port 0 and 53 (DNS)
From: "Dobbins, Roland" <rdobbins () arbor net>
Date: Thu, 26 Jul 2012 04:03:01 +0000
On Jul 26, 2012, at 5:13 AM, Drew Weaver wrote:
Another nice "emerging" tool [I say emerging because it's been around forever but nobody implements it] to deal with this is Flowspec, using flowspec you can instruct your Upstream to block traffic with much more granular characteristics.
flowspec is essentially S/RTBH with layer-4 granularity (it can do some other things, as well). I certainly hope that vendors who've not yet implemented it will do so, it's a great tool, as you say. Even customer-triggered S/RTBH is very useful, and some ISPs have implemented it for their customers. ----------------------------------------------------------------------- Roland Dobbins <rdobbins () arbor net> // <http://www.arbornetworks.com> Luck is the residue of opportunity and design. -- John Milton
Current thread:
- Re: DDoS using port 0 and 53 (DNS), (continued)
- Re: DDoS using port 0 and 53 (DNS) Dobbins, Roland (Jul 24)
- Re: DDoS using port 0 and 53 (DNS) Dobbins, Roland (Jul 24)
- RE: DDoS using port 0 and 53 (DNS) Frank Bulk (Jul 25)
- Re: DDoS using port 0 and 53 (DNS) Dobbins, Roland (Jul 25)
- Re: DDoS using port 0 and 53 (DNS) Jimmy Hess (Jul 24)
- Re: DDoS using port 0 and 53 (DNS) John Kristoff (Jul 25)
- Re: DDoS using port 0 and 53 (DNS) Joel Maslak (Jul 25)
- Re: DDoS using port 0 and 53 (DNS) Dobbins, Roland (Jul 25)
- Re: DDoS using port 0 and 53 (DNS) Mark Andrews (Jul 25)
- Re: DDoS using port 0 and 53 (DNS) John Kristoff (Jul 25)
- Re: DDoS using port 0 and 53 (DNS) Dobbins, Roland (Jul 25)