[133308] in North American Network Operators' Group
Re: Over a decade of DDOS--any progress yet?
daemon@ATHENA.MIT.EDU (alvaro.sanchez@adinet.com.uy)
Wed Dec 8 11:22:50 2010
Date: Wed, 8 Dec 2010 13:18:39 -0300 (UYT)
From: "alvaro.sanchez@adinet.com.uy" <alvaro.sanchez@adinet.com.uy>
To: <deleskie@gmail.com>, Drew Weaver <drew.weaver@thenap.com>
Cc: North American Operators' Group <nanog@nanog.org>
Reply-To: "alvaro.sanchez@adinet.com.uy" <alvaro.sanchez@adinet.com.uy>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Maybe. Anyway, under DDoS attack, your links may be congested, and you
need to recover them. You have a small margin to move. The farther
upstream the attack is repelled, the better chances you have for
restoring connectivity.
>----Original message----
>From: deleskie@gmail.com
>Date: 08/12/2010 12:31
>To: "Drew Weaver"<drew.weaver@thenap.com>
>CC: "alvaro.sanchez@adinet.com.uy"<alvaro.sanchez@adinet.com.uy>, "rdobbins@arbor.net"<rdobbins@arbor.net>, "North American Operators' Group"<nanog@nanog.org>
>Subject: Re: Over a decade of DDOS--any progress yet?
>
>+1
>
>On Wed, Dec 8, 2010 at 10:30 AM, Drew Weaver <drew.weaver@thenap.com> wrote:
>> Yes, but this obviously completes the 'DDoS attack' and sends the
>> signal that the bully will win.
>>
>> -Drew
>>
>>
>> -----Original Message-----
>> From: alvaro.sanchez@adinet.com.uy [mailto:alvaro.sanchez@adinet.com.uy]
>> Sent: Wednesday, December 08, 2010 8:46 AM
>> To: rdobbins@arbor.net; North American Operators' Group
>> Subject: Re: Over a decade of DDOS--any progress yet?
>>
>> A very common action is to blackhole DDoS traffic upstream by sending a
>> BGP route to the next AS with a preestablished community indicating the
>> traffic must be sent to Null0. The route may be very specific, in order
>> to impact as little as possible. This needs previous coordination between
>> providers.
>> Regards.
>>
>>>----Original message----
>>>From: rdobbins@arbor.net
>>>Date: 08/12/2010 10:53
>>>To: "North American Operators' Group"<nanog@nanog.org>
>>>Subject: Re: Over a decade of DDOS--any progress yet?
>>>
>>>
>>>On Dec 8, 2010, at 7:28 PM, Arturo Servin wrote:
>>>
>>>>      One big problem (IMHO) of DDoS is that sources (the host of
>>>> botnets) may be completely unaware that they are part of a DDoS. I do
>>>> not mean the bot machine, I mean the ISP connecting those.
>>>
>>>The technology exists to detect and classify this attack traffic, and
>>>is deployed in production networks today.
>>>
>>>And of course, the legitimate owners of the botted hosts are
>>>generally unaware that their machine is being used for nefarious
>>>purposes.
>>>
>>>>      On the other hand the target of a DDoS cannot do anything to stop
>>>> the attack besides adding more BW or contacting one by one the whole
>>>> path of providers to try to minimize the effect.
>>>
>>>Actually, there're lots of things they can do.
>>>
>>>>      I know that this has many security concerns, but would it be good
>>>> to have a signalling protocol between ISPs to inform the sources of a DDoS
>>>> attack in order to take semiautomatic actions to rate-limit the traffic
>>>> as close to the source as possible? Of course this is more complex than these
>>>> three or two lines, but I wonder if this has been considered in the
>>>> past.
>>>
>>>It already exists.
>>>
>>>-----------------------------------------------------------------------
>>>Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>
>>>
>>>        Sell your computer and buy a guitar.
>
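
Added example, not part of the original thread: a sketch of the upstream provider's side of the community-triggered blackholing described in the quoted message, showing the checks that the "previous coordination between providers" has to settle. The community value (the RFC 7999 BLACKHOLE community, standardized after this thread), the prefix-length limits, the customer prefix list and the function name are all assumptions made for illustration.

```python
import ipaddress

# Assumed values for illustration; none of them come from the thread.
BLACKHOLE_COMMUNITY = "65535:666"      # well-known BLACKHOLE community (RFC 7999)
MAX_NORMAL_LEN = {4: 24, 6: 48}        # hypothetical: longest prefix accepted for normal routing
MIN_BLACKHOLE_LEN = {4: 24, 6: 48}     # hypothetical: shortest prefix a customer may blackhole


def evaluate_announcement(prefix, communities, customer_prefixes):
    """Decide what the upstream does with one route received from a customer.

    Returns (action, reason); action is "accept", "blackhole" or "reject".
    """
    net = ipaddress.ip_network(prefix)
    allowed = (ipaddress.ip_network(p) for p in customer_prefixes)
    # A customer may only blackhole (or announce) address space registered to it.
    if not any(net.version == a.version and net.subnet_of(a) for a in allowed):
        return ("reject", "prefix is outside the customer's registered space")
    if BLACKHOLE_COMMUNITY in communities:
        # Keep the blackhole narrow so only the attacked addresses go dark.
        if net.prefixlen < MIN_BLACKHOLE_LEN[net.version]:
            return ("reject", "blackhole request is too broad")
        return ("blackhole", "next hop rewritten to the discard interface (Null0)")
    if net.prefixlen > MAX_NORMAL_LEN[net.version]:
        return ("reject", "too specific for normal routing without the community")
    return ("accept", "normal customer route")


# Constructed sample data (documentation address ranges).
CUSTOMER = ["192.0.2.0/24", "2001:db8::/32"]
SAMPLES = [
    ("192.0.2.0/24", set()),
    ("192.0.2.10/32", {BLACKHOLE_COMMUNITY}),
    ("192.0.2.10/32", set()),
    ("198.51.100.7/32", {BLACKHOLE_COMMUNITY}),
    ("2001:db8::/32", {BLACKHOLE_COMMUNITY}),
]

if __name__ == "__main__":
    for prefix, comms in SAMPLES:
        action, reason = evaluate_announcement(prefix, comms, CUSTOMER)
        print(f"{prefix:18} {action:10} {reason}")
```

The ownership check comes first because without it the blackhole community would let one customer take another network's addresses offline.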