Dear Nanog Members, My name is Martin Bacher. I am a Student at UAS Technikum-Wien and I am currently writing my master’s thesis with topic "Addressing DDoS Attacks with BGP FlowSpec“.
It would be very helpful for me if some of you could share information about the following topics: - Intra-AS BGP FlowSpec deployment: Who is running it? For which kind of attacks are you using it? Are you only dropping or rate-limiting certain traffic or are you also using the redirect/remark capabilities? What are the limitations from your perspective? Are you facing any operational issues? How are you injecting the FlowSpec routes? - Inter-AS: Who is running Inter-AS FlowSpec deployments? What is your experience? Are there any concerns regarding Inter-AS deployments? Has anyone done interop tests? FlowSpec is usually only one part of the whole anti DDoS toolset. So I would also be interested in your answers to the following questions: - How are you detecting DDoS attacks (Netflow, in-line probes, ..?) and which applications are you using for the analysis (Peakflow, Open-Source tools, ..?) - Which countermeasures are you deploying in case of DDoS attacks? ACLs, FlowSpec, Blackhole routes, RTBH, scrubbing center, Cloud based DDoS services or anything else? - What is your operational experience? How fast are you in deploying countermeasures? Do you have any automation or is this always triggered by people? Last but not least: I am also looking for anonymized statistical data about DDoS attacks which I could use in the thesis. I am mainly interested in data about the type of attacks, attack time, sources, source and destination ports, and so on. I know this something which is generally not shared, so I would really appreciate it if someone would be able to share such data. Please send me your answers either via pn or directly to the list. Please also let me know if you think that there is something missing. Any comment or answer is highly appreciated. Looking forward to your replies. Many thanks. Greetings, Martin
