At 09:12 AM 22-10-02 +0200, Iljitsch van Beijnum wrote:
Ok, I'm a bit late to the party but...
On Fri, 18 Oct 2002, Saku Ytti wrote:
1) Signaling unwanted traffic.
You would set community which would just inform that you are receiving
unwanted traffic. This way responsible AS# with
On (2002-10-18 00:15 -0400), John Fraizer wrote:
2) 'TTL' community.
- just think about the amount of route-maps:
Whoa. Decrementing a single community integer value while leaving others
unchanged would seem to be a bit tricky. This would require much more
work on the part of
On (2002-10-18 04:13 -0400), John Fraizer wrote:
You receive a prefix with the communities :1 :2 :3 and
TTL-COMM:2. You need to decrement the TTL-COMM value while leaving the
other 3 communities unchanged.
Yes this would need change in IOS/JunOS but it wouldn't actually be
hard
the majority of large providers to implement one is a good
start.
-Original Message-
From: Saku Ytti [mailto:saku+nanog;ytti.fi]
Sent: Thursday, October 17, 2002 5:23 PM
To: [EMAIL PROTECTED]
Subject: attacking DDOS using BGP communities?
How feasible would these ideas be?
1) Signaling
.
-Original Message-
From: [EMAIL PROTECTED] [mailto:owner-nanog;merit.edu] On
Behalf Of Frank Scalzo
Sent: Friday, October 18, 2002 9:52 AM
To: Saku Ytti; [EMAIL PROTECTED]
Subject: RE: attacking DDOS using BGP communities?
701 has a blackhole community, 701:, basically it sets the next-hop
to something blackholed on their edge so the DOS attack gets dropped as
soon as it hits them. I have made use of this to kill at least one DDOS
event. A global blackhole community may be difficult to achieve, but
Interesting -- I was actually having a conversation about this very same
thing with a friend of mine a few days ago. The problem we had was
that he had next-hop-self on all of his ibgp mesh routers. Does that
not make it difficult to put an ip next-hop in? Also, would that ip
next-hop
How feasible would these ideas be?
1) Signaling unwanted traffic.
You would set community which would just inform that you are receiving
unwanted traffic. This way responsible AS# with statistical netflow
could easily automatically search for these networks and report to NOC if
both there is