nanog mailing list archives
Re: Over a decade of DDOS--any progress yet?
From: "alvaro.sanchez () adinet com uy" <alvaro.sanchez () adinet com uy>
Date: Wed, 8 Dec 2010 13:18:39 -0300 (UYT)
May be. Anyway, under ddos attack, your links may be congested, and you need to recover them. You have small margin to move. The farther upstream the attack is repelled, the better chances you have for restoring connectivity.
----Mensaje original---- De: deleskie () gmail com Fecha: 08/12/2010 12:31 Para: "Drew Weaver"<drew.weaver () thenap com> CC: "alvaro.sanchez () adinet com uy"<alvaro.sanchez () adinet com uy>,
"rdobbins () arbor net"<rdobbins () arbor net>, "North American Operators' Group"<nanog () nanog org>
Asunto: Re: Over a decade of DDOS--any progress yet? +1 On Wed, Dec 8, 2010 at 10:30 AM, Drew Weaver <drew.weaver () thenap com>
wrote:
Yes, but this obviously completes the 'DDoS attack' and sends the
signal that the bully will win.
-Drew -----Original Message----- From: alvaro.sanchez () adinet com uy [mailto:alvaro.sanchez@adinet.
com.uy]
Sent: Wednesday, December 08, 2010 8:46 AM To: rdobbins () arbor net; North American Operators' Group Subject: Re: Over a decade of DDOS--any progress yet? A very common action is to blackhole ddos traffic upstream by
sending a
bgp route to the next AS with a preestablished community indicating
the
traffic must be sent to Null0. The route may be very specific, in
order
to impact as less as possible. This needs previous coordination
between
providers. Regards.----Mensaje original---- De: rdobbins () arbor net Fecha: 08/12/2010 10:53 Para: "North American Operators' Group"<nanog () nanog org> Asunto: Re: Over a decade of DDOS--any progress yet? On Dec 8, 2010, at 7:28 PM, Arturo Servin wrote:One big problem (IMHO) of DDoS is that sources (the host ofbotnets) may be completely unaware that they are part of a DDoS. I
do
not mean the bot machine, I mean the ISP connecting those.The technology exists to detect and classify this attack traffic,
and
is deployed in production networks today.And of course, the legitimate owners of the botted hosts aregenerally unaware that their machine is being used for nefarious purposes.In the other hand the target of a DDoS cannot do anything to
stop
to attack besides adding more BW or contacting one by one the whole path of providers to try to minimize the effect.Actually, there're lots of things they can do.I know that this has many security concerns, but would it be
good
a signalling protocol between ISPs to inform the sources of a DDoS attack in order to take semiautomatic actions to rate-limit the
traffic
as close as the source? Of course that this is more complex that
these
three or two lines, but I wonder if this has been considerer in the past.It already exists. ----------------------------------------------------------------------- Roland Dobbins <rdobbins () arbor net> // <http://www.arbornetworks.
com>
Sell your computer and buy a guitar.
Current thread:
- Re: Over a decade of DDOS--any progress yet?, (continued)
- Re: Over a decade of DDOS--any progress yet? Jack Bates (Dec 08)
- RE: Over a decade of DDOS--any progress yet? Drew Weaver (Dec 08)
- Re: Over a decade of DDOS--any progress yet? Jack Bates (Dec 08)
- Re: Over a decade of DDOS--any progress yet? Jeffrey Lyon (Dec 08)
- Re: Over a decade of DDOS--any progress yet? Michael Costello (Dec 08)
- RE: Over a decade of DDOS--any progress yet? Drew Weaver (Dec 10)
- Re: Over a decade of DDOS--any progress yet? Michael Costello (Dec 11)
- Re: Over a decade of DDOS--any progress yet? Dobbins, Roland (Dec 08)
- RE: Over a decade of DDOS--any progress yet? Drew Weaver (Dec 10)