Re: Effective ways to deal with DDoS attacks?

[Iljitsch van Beijnum <iljitsch () muada com>]

On Thu, 2 May 2002, Christopher L. Morrow wrote:

> Congrats on re-inventing the wheel :( This is what
> mazuu/arbor/wanwall(riverhead now?) all do... this is also the way
> CenterTrack(tm robert stone) was kind of supposed to work.

Thanks for the kind works.

Just to be clear: I'm not working on a _product_, just on a paper
explaining how to do this using standard components and protocols.

> As near as I can tell this doesn't scale too well in a large network.

If you have a router that can forward 10 Gbps into the right direction,
you can also have a router forward 10 Gbps in the wrong direction. That's
pretty much all it takes.

> This is a shame, but its a reality. Additionally 20k sources max? that's not
> nearly enough, how many addresses are in 0/0 ? you should atleast plan for
> this contingency...

The idea is to use unicast RPF. So you're only limited by the number of
routes a Cisco can hold. 20k per customer under attack should be doable
without too much effort, more should be possible, but filtering 0/0
defeats the purpose. Also, it can be done using a single line, so no
problem there.