nanog mailing list archives
Re: Last-call DoS/DoS Attack BCOP
From: Maxwell Cole <mcole.mailinglists () gmail com>
Date: Tue, 24 Mar 2015 09:29:00 -0400
On 3/24/15 5:27 AM, Rob Seastrom wrote:
John Kristoff <jtk () cymru com> writes:If the attack is an infrastructure attack, say a routing interface that wouldn't normally receive or emit traffic from its assigned address except perhaps for network connectivity testing (e.g. traceroute) or control link local control traffic (e.g. local SPF adjacencies, BGP neighbors), you can "hide" those addresses, making them somewhat less easy to target by using something like unnumbered or unadvertised or ambiguous address space (e.g. RFC 1918).That comes at a cost, both operational/debugging and breaking pmtud. But if you don't care about collateral damage, setting the interface to admin-down stops attacks against it *cold*. Due to the drawbacks, I wouldn't consider this a good candidate for inclusion in a BCOP document. I have often thought there ought to be a companion series for Questionable Current Operational Practices, or maybe "desperate measures". I volunteer to write the article on "YOLO upgrades", wherein one loads untested software on equipment with no OOB, types "request system reboot", shouts "YOLO", and hits return. -r
You could have a whole blog series about redistributing BGP into IGPs. Or a "tricks and tips" section to add an allow any to all of your ACLs.
Current thread:
- Re: Last-call DoS/DoS Attack BCOP Yardiel D . Fuentes (Mar 23)
- Re: Last-call DoS/DoS Attack BCOP John Kristoff (Mar 23)
- Re: Last-call DoS/DoS Attack BCOP Rob Seastrom (Mar 24)
- Re: Last-call DoS/DoS Attack BCOP Maxwell Cole (Mar 24)
- Re: Last-call DoS/DoS Attack BCOP Christopher Morrow (Mar 24)
- Re: Last-call DoS/DoS Attack BCOP Rob Seastrom (Mar 25)
- Re: Last-call DoS/DoS Attack BCOP John Kristoff (Mar 25)
- Re: Last-call DoS/DoS Attack BCOP Christopher Morrow (Mar 25)
- Re: Last-call DoS/DoS Attack BCOP Rob Seastrom (Mar 24)
- Re: Last-call DoS/DoS Attack BCOP John Kristoff (Mar 23)
- <Possible follow-ups>
- Re: Last-call DoS/DoS Attack BCOP Scott Weeks (Mar 24)
- RE: Last-call DoS/DoS Attack BCOP Chuck Church (Mar 25)