nanog mailing list archives

Re: DDoS using port 0 and 53 (DNS)

From: "Dobbins, Roland" <rdobbins () arbor net>
Date: Thu, 26 Jul 2012 04:03:01 +0000


On Jul 26, 2012, at 5:13 AM, Drew Weaver wrote:

Another nice "emerging" tool [I say emerging because it's been around forever but nobody implements it] to deal with 
this is Flowspec, using flowspec you can instruct your Upstream to block traffic with much more granular 
characteristics.


flowspec is essentially S/RTBH with layer-4 granularity (it can do some other things, as well).  I certainly hope that 
vendors who've not yet implemented it will do so, it's a great tool, as you say.

Even customer-triggered S/RTBH is very useful, and some ISPs have implemented it for their customers.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins () arbor net> // <http://www.arbornetworks.com>

          Luck is the residue of opportunity and design.

                       -- John Milton

Current thread:

Re: DDoS using port 0 and 53 (DNS), (continued)
- - - Re: DDoS using port 0 and 53 (DNS) Dobbins, Roland (Jul 24)
    - Re: DDoS using port 0 and 53 (DNS) Dobbins, Roland (Jul 24)
    - RE: DDoS using port 0 and 53 (DNS) Frank Bulk (Jul 25)
    - Re: DDoS using port 0 and 53 (DNS) Dobbins, Roland (Jul 25)
- Re: DDoS using port 0 and 53 (DNS) Jimmy Hess (Jul 24)
  - Re: DDoS using port 0 and 53 (DNS) John Kristoff (Jul 25)
    - Re: DDoS using port 0 and 53 (DNS) Joel Maslak (Jul 25)
    - Re: DDoS using port 0 and 53 (DNS) Dobbins, Roland (Jul 25)
    - Re: DDoS using port 0 and 53 (DNS) Mark Andrews (Jul 25)
- RE: DDoS using port 0 and 53 (DNS) Drew Weaver (Jul 25)
  - Re: DDoS using port 0 and 53 (DNS) Dobbins, Roland (Jul 25)