[133290] in North American Network Operators' Group


Re: Over a decade of DDOS--any progress yet?

daemon@ATHENA.MIT.EDU (jim deleskie)
Wed Dec 8 09:32:22 2010

In-Reply-To: <F3318834F1F89D46857972DD4B411D70019C4766B6@EXCHANGE.thenap.com>
Date: Wed, 8 Dec 2010 10:31:51 -0400
From: jim deleskie <deleskie@gmail.com>
To: Drew Weaver <drew.weaver@thenap.com>
Cc: North American Operators' Group <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

+1

On Wed, Dec 8, 2010 at 10:30 AM, Drew Weaver <drew.weaver@thenap.com> wrote:
> Yes, but this obviously completes the 'DDoS attack' and sends the signal
> that the bully will win.
>
> -Drew
>
>
> -----Original Message-----
> From: alvaro.sanchez@adinet.com.uy [mailto:alvaro.sanchez@adinet.com.uy]
> Sent: Wednesday, December 08, 2010 8:46 AM
> To: rdobbins@arbor.net; North American Operators' Group
> Subject: Re: Over a decade of DDOS--any progress yet?
>
> A very common action is to blackhole DDoS traffic upstream by sending a
> BGP route to the next AS with a preestablished community indicating the
> traffic must be sent to Null0. The route may be very specific, in order
> to impact as little as possible. This needs previous coordination between
> providers.
> Regards.
>
>>----Original message----
>>From: rdobbins@arbor.net
>>Date: 08/12/2010 10:53
>>To: "North American Operators' Group"<nanog@nanog.org>
>>Subject: Re: Over a decade of DDOS--any progress yet?
>>
>>
>>On Dec 8, 2010, at 7:28 PM, Arturo Servin wrote:
>>
>>> One big problem (IMHO) of DDoS is that sources (the host of
>>> botnets) may be completely unaware that they are part of a DDoS. I do
>>> not mean the bot machine, I mean the ISP connecting those.
>>
>>The technology exists to detect and classify this attack traffic, and
>>is deployed in production networks today.
>>
>>And of course, the legitimate owners of the botted hosts are
>>generally unaware that their machine is being used for nefarious
>>purposes.
>>
>>> On the other hand, the target of a DDoS cannot do anything to stop
>>> the attack besides adding more BW or contacting one by one the whole
>>> path of providers to try to minimize the effect.
>>
>>Actually, there're lots of things they can do.
>>
>>> I know that this has many security concerns, but would it be good
>>> a signalling protocol between ISPs to inform the sources of a DDoS
>>> attack in order to take semiautomatic actions to rate-limit the traffic
>>> as close as the source? Of course that this is more complex than these
>>> three or two lines, but I wonder if this has been considered in the
>>> past.
>>
>>It already exists.
>>
>>-----------------------------------------------------------------------
>>Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>
>>
>>    Sell your computer and buy a guitar.
>>
>
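
The upstream blackholing described in the quoted message above depends on the provider checking each tagged route before discarding traffic. The sketch below is an added example, not part of the thread or any poster's configuration; the community value, AS numbers, prefix-length limits and the `evaluate` helper are all assumptions built on documentation address space.

```python
import ipaddress

# Constructed policy values; a real deployment uses whatever the two
# providers agreed on in advance (the "previous coordination" above).
BLACKHOLE_COMMUNITY = "64500:666"      # assumed community, documentation ASN
MIN_PREFIXLEN = {4: 32, 6: 128}        # assumed: only host routes are blackholed
CUSTOMER_PREFIXES = {                  # assumed per-peer registered address space
    "AS64501": ["192.0.2.0/24", "2001:db8:1::/48"],
    "AS64502": ["198.51.100.0/24"],
}

def evaluate(peer, prefix, communities):
    """Return (action, reason) for one route received from a customer peer."""
    try:
        net = ipaddress.ip_network(prefix, strict=True)
    except ValueError:
        return ("reject", "malformed prefix")
    registered = [ipaddress.ip_network(p) for p in CUSTOMER_PREFIXES.get(peer, [])]
    owned = any(p.version == net.version and net.subnet_of(p) for p in registered)
    if not owned:
        # Without this check any peer could blackhole someone else's address.
        return ("reject", "prefix not registered to this peer")
    if BLACKHOLE_COMMUNITY not in communities:
        return ("accept", "normal route")
    if net.prefixlen < MIN_PREFIXLEN[net.version]:
        return ("reject", "blackhole request too broad")
    return ("discard", "next hop rewritten to the null route")

# Constructed sample updates: (peer, prefix, communities)
SAMPLE_UPDATES = [
    ("AS64501", "192.0.2.10/32", ["64500:666"]),
    ("AS64501", "192.0.2.0/24", ["64500:666"]),
    ("AS64501", "198.51.100.7/32", ["64500:666"]),
    ("AS64501", "192.0.2.0/24", []),
    ("AS64502", "2001:db8:1::5/128", ["64500:666"]),
]

if __name__ == "__main__":
    for peer, prefix, comms in SAMPLE_UPDATES:
        action, reason = evaluate(peer, prefix, comms)
        print(f"{peer} {prefix:<20} {action:<8} {reason}")
```

The ownership check runs before the community check, so a tagged route for address space the peer does not hold is refused rather than turned into a discard.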
