nanog mailing list archives
Re: Last-call DoS/DoS Attack BCOP
From: John Kristoff <jtk () cymru com>
Date: Mon, 23 Mar 2015 18:21:42 -0500
On Mon, 23 Mar 2015 19:00:14 -0400 Yardiel D.Fuentes <yardiel () gmail com> wrote:
Since there have been good feedback for this BCOP. The committee decided to extend the "last-call period" for another two weeks to give ample chance to further feedback. So, it is not late for more comments,
Hi Yardiel, Nice work so far. A couple of additional ideas for you if you care to use them. If the attack is an infrastructure attack, say a routing interface that wouldn't normally receive or emit traffic from its assigned address except perhaps for network connectivity testing (e.g. traceroute) or control link local control traffic (e.g. local SPF adjacencies, BGP neighbors), you can "hide" those addresses, making them somewhat less easy to target by using something like unnumbered or unadvertised or ambiguous address space (e.g. RFC 1918). A second suggestion, if you want to add a reference to it is the UTRS project, which is a free community project that brings networks together for the purpose of exchanging RTBH announcements. We've recently enabled automated relay for IPv4 /32's that have a history of sole origination from a peer. This is another DDoS mitigation tool in the tool box that many may find helpful. More detail can be found here: <http://www.cymru.com/jtk/misc/utrs.html> John
Current thread:
- Re: Last-call DoS/DoS Attack BCOP Yardiel D . Fuentes (Mar 23)
- Re: Last-call DoS/DoS Attack BCOP John Kristoff (Mar 23)
- Re: Last-call DoS/DoS Attack BCOP Rob Seastrom (Mar 24)
- Re: Last-call DoS/DoS Attack BCOP Maxwell Cole (Mar 24)
- Re: Last-call DoS/DoS Attack BCOP Christopher Morrow (Mar 24)
- Re: Last-call DoS/DoS Attack BCOP Rob Seastrom (Mar 25)
- Re: Last-call DoS/DoS Attack BCOP John Kristoff (Mar 25)
- Re: Last-call DoS/DoS Attack BCOP Christopher Morrow (Mar 25)
- Re: Last-call DoS/DoS Attack BCOP Rob Seastrom (Mar 24)
- Re: Last-call DoS/DoS Attack BCOP John Kristoff (Mar 23)
- <Possible follow-ups>
- Re: Last-call DoS/DoS Attack BCOP Scott Weeks (Mar 24)
- RE: Last-call DoS/DoS Attack BCOP Chuck Church (Mar 25)