nanog mailing list archives
Re: Securing Border Routers
From: Ryan Shea <ryanshea () google com>
Date: Wed, 19 Jan 2011 20:11:08 -0500
A stateful firewall outside of your router may create a new bottleneck which increases your risk of DoS. Making sure that you know (and document, and test) how to effectively contact your service providers should you be attacked would be a good idea. Find out if your service providers have BGP communities for remote triggered black hole (document and test). A denial of service will break the weakest link in the chain toward your services, so make sure you have appropriate bandwidth, a reasonable server architecture, and if you have money to burn consider a DDoS mitigation service. -Ryan On Wed, Jan 19, 2011 at 7:35 PM, Brandon Kim <brandon.kim () brandontek com>wrote:
Gents: What measures do you take to protect your border routers? Our routers are running BGP so I'm interested if there is any way to secure them without interfering with BGP? Is it normal to put a firewall in front of the border routers? I'm concerned about DDOS attacks mainly....although we haven't had any, I don't welcome them..... Brandon
Current thread:
- Securing Border Routers Brandon Kim (Jan 19)
- RE: Securing Border Routers Welch, Bryan (Jan 19)
- RE: Securing Border Routers Brandon Kim (Jan 19)
- Re: Securing Border Routers jim deleskie (Jan 19)
- Re: Securing Border Routers Owen DeLong (Jan 19)
- RE: Securing Border Routers Brandon Kim (Jan 19)
- RE: Securing Border Routers Welch, Bryan (Jan 19)
- Re: Securing Border Routers Ryan Shea (Jan 19)
- Re: Securing Border Routers virendra rode (Jan 20)
- Re: Securing Border Routers Roland Dobbins (Jan 20)