Re: attacking DDOS using BGP communities?

2002-10-22 Thread Hank Nussbacher
At 09:12 AM 22-10-02 +0200, Iljitsch van Beijnum wrote: Ok, I'm a bit late to the party but... On Fri, 18 Oct 2002, Saku Ytti wrote: 1) Signaling unwanted traffic. You would set community which would just inform that you are receiving unwanted traffic. This way responsible AS# with

Re: attacking DDOS using BGP communities?

2002-10-18 Thread Saku Ytti
On (2002-10-18 00:15 -0400), John Fraizer wrote: 2) 'TTL' community. -just think about the amount of route-maps : Whoa. Decrementing a single community integer value while leaving others unchanged would seem to be a bit tricky. This would require much more work on the part of

Re: attacking DDOS using BGP communities?

2002-10-18 Thread Saku Ytti
On (2002-10-18 04:13 -0400), John Fraizer wrote: You receive a prefix with the communities :1 :2 :3 and TTL-COMM:2. You need to decrement the TTL-COMM value while leaving the other 3 communities unchanged. Yes this would need change in IOS/JunOS but it wouldn't actually be hard

RE: attacking DDOS using BGP communities?

2002-10-18 Thread Frank Scalzo
the majority of large providers to implement one is a good start. -Original Message- From: Saku Ytti [mailto:saku+nanog;ytti.fi] Sent: Thursday, October 17, 2002 5:23 PM To: [EMAIL PROTECTED] Subject: attacking DDOS using BGP communities? How feasible would these ideas be? 1) Signaling

RE: attacking DDOS using BGP communities?

2002-10-18 Thread Jason Lixfeld
. -Original Message- From: [EMAIL PROTECTED] [mailto:owner-nanog;merit.edu] On Behalf Of Frank Scalzo Sent: Friday, October 18, 2002 9:52 AM To: Saku Ytti; [EMAIL PROTECTED] Subject: RE: attacking DDOS using BGP communities? 701 has a blackhole community, 701:, basically

RE: attacking DDOS using BGP communities?

2002-10-18 Thread alex
701 has a blackhole community, 701:, basically it sets the next-hop to something blackholed on their edge so the DOS attack gets dropped as soon as it hits them. I have made use of this to kill at least one DDOS event. A global blackhole community may be difficult to achieve, but

RE: attacking DDOS using BGP communities?

2002-10-18 Thread alex
Interesting -- I was actually having a conversation about this very same thing with a friend of mine a few days ago. The problem we had, was that he had next-hop-self on all of his ibgp mesh routers. Does that not make it difficult to put an ip next-hop in? Also, would that ip next-hop

RE: attacking DDOS using BGP communities?

2002-10-18 Thread Christopher L. Morrow
Of Frank Scalzo Sent: Friday, October 18, 2002 9:52 AM To: Saku Ytti; [EMAIL PROTECTED] Subject: RE: attacking DDOS using BGP communities? 701 has a blackhole community, 701:, basically it sets the next-hop to something blackholed on their edge so the DOS attack gets dropped

attacking DDOS using BGP communities?

2002-10-17 Thread Saku Ytti
How feasible would these ideas be? 1) Signaling unwanted traffic. You would set community which would just inform that you are receiving unwanted traffic. This way responsible AS# with statistical netflow could easily automatically search for these networks and report to NOC if both there is