Not specific ports, but something more like: 'deny udp any my.target.slash.25 0.0.255.255'
BGP blackholing will obviously impact all traffic to a target. -chris 2014-05-12 15:20 GMT-07:00 Bob Evans <b...@fiberinternetcenter.com>: > Are you asking a transit network to filter specific ports as an end user > or as an ISP who has Level 3 as a transit provider? > > I haven't seen a specific port could be dropped by any network....Only > aware of BGP community string like, 3356:9999 - black hole (discard all > traffic for specific IP range) traffic type abilities. > > We have and will filter specific ports for customers. But this port type > ACL is completed by hand....I haven't seen anyone implement this using a > BGP community string. > > Bob Evans > CTO > Fiber Internet CenterThank You > Bob Evans > CTO > > > > We contacted Level3 a few weeks back, and were told that they do not > > provide any filtering service. > > I've not been able to confirm this from anyone else, besides the Level3 > > customer service rep we spoke with. > > > > Currently looking into a DDoS protection service from Akamai. Sounds > > awesome what they can do, but often "awesome" translates to "overkill" > > and/or "too expensive". > > > > -Petter > > > > -----Original Message----- > > From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Christopher > > Rogers > > Sent: Monday, May 12, 2014 2:47 PM > > To: nanog@nanog.org > > Subject: level3 dia egress filtering? > > > > Does anyone have any experience dealing with level3 in trying to get > > egress filters applied to an internet dia link with them? > > > > I've been trying to get them to apply an egress filter to drop all of udp > > to a certain /25 on my network that's been getting hammered by a dns > > amplification attack, and I am being told that they can only 'drop an > > entire protocol, and not to a specific ip address or range.' > > > > Can anyone confirm if that's the case? > > > > cheers > > -chris > > > > >