Re: Effective ways to deal with DDoS attacks?

[dies <dies () pulltheplug com>]

Then you are pushing out /32's and peers would need to accept them.  Then
someone will want to blackhole /30's, /29's, etc.  Route bloat.  Yum!

Additionally you are creating a way to basically destroy the Internet as a
whole.  One kiddie gets ahold of a router, say of a large backbone
provider, takes one of their aggregate blocks (/16? /10? /8?) and splits
it into /32 announcements.

Anyways, some providers already allow you to set a community on a route,
and they will inturn "blackhole" it for you.  I believe Teleglobe does
this for some customers and I know UUNet does this for all customers.

On Wed, 1 May 2002, Wojtek Zlobicki wrote:

> > > What processes and/or tools are large networks using to
> > > identify and limit the impact of DDoS attacks?
> >
> > A great deal of thought is being expended on this question, I am certain,
> > however, how many of these thought campaings have born significant fruit
> yet,
> > I do not know.
>
> How about the following :
>
> We develop a new community , being fully transitive (666 would be
> appropriate ) and either build into router code or create a route map to
> null route anything that contains this community.  The effect of this being
> the distribution of the force of the attack.
>
> This aside, how effective would be using a no export community with ones
> peers (being non transitive, it would still distribute the force of the
> attack).