[133518] in North American Network Operators' Group


RE: Over a decade of DDOS--any progress yet?

daemon@ATHENA.MIT.EDU (Drew Weaver)
Fri Dec 10 15:23:40 2010

From: Drew Weaver <drew.weaver@thenap.com>
To: 'Chris Boyd' <cboyd@gizmopartners.com>, NANOG <nanog@nanog.org>
Date: Fri, 10 Dec 2010 15:23:30 -0500
In-Reply-To: <C6065B87-F882-466E-882D-09882B42A431@gizmopartners.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

Upstream providers generally have a hard time allowing you to write routes that you don't own into their table(s).

thanks,
-Drew


-----Original Message-----
From: Chris Boyd [mailto:cboyd@gizmopartners.com]
Sent: Wednesday, December 08, 2010 2:19 PM
To: NANOG
Subject: Re: Over a decade of DDOS--any progress yet?


On Dec 8, 2010, at 9:33 AM, Arturo Servin wrote:

> 	Yes, but all of them rely on your upstreams or on mirroring your content. If 100 Mbps are reaching your input interface of 10 Mbps there is not much that you can do.


Hmm.  What would be really cool is if you could use Snort, NetFlow/NBAR, or some other sort of DPI tech to find specifically the IP addresses of the DDoS bots, and then pass that information back upstream via BGP communities that tell your peer router to drop traffic from those addresses.  That way the target of the traffic can continue to function if the DDoS traffic doesn't closely mimic the normal traffic.

Your BGP peer router would need to have lots of memory for /32 or /64 routes though.

Anyone heard of such a beast?  Or is this how the stuff from places like Arbor Networks do their thing?

--Chris
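The detect-then-signal pipeline Chris sketches above (flow data identifies the attacking sources, the result is handed upstream as blackhole routes tagged with a BGP community), written out as an added example; this is not code from either poster or from any vendor product named in the thread. The flow records are constructed NetFlow-style tuples, the victim address, thresholds and the allow-list are assumptions, and the output line format imitates the ExaBGP "announce route" API syntax as an assumption rather than a confirmed interface. The per-source packet-rate threshold, the allow-list and the route cap are there for the two caveats raised in the thread: attack traffic that mimics normal traffic means a legitimate heavy source can be misclassified, and the peer router's memory bounds how many /32 or /128 routes it is sensible to push. Whether the upstream actually honours announcements for addresses you do not own is, as Drew notes, a matter of their policy.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed NetFlow-style records: (source, destination, packets seen in the window).
# 203.0.113.10 is the assumed victim; 192.0.2.0/24 is an assumed allow-listed monitoring net.
FLOWS = [
    ("198.51.100.5", "203.0.113.10", 600_000),   # flood source
    ("198.51.100.6", "203.0.113.10", 300_000),   # flood source
    ("198.51.100.7", "203.0.113.10", 120_000),   # flood source
    ("192.0.2.40",   "203.0.113.10", 900_000),   # heavy but allow-listed source
    ("198.51.100.8", "203.0.113.10", 1_200),     # ordinary client
    ("198.51.100.5", "203.0.113.99", 500),       # traffic to another host, ignored
    ("2001:db8::bad", "203.0.113.10", 240_000),  # IPv6 flood source
]
VICTIM = "203.0.113.10"
WINDOW_SECONDS = 60
BLACKHOLE_COMMUNITY = "65535:666"  # RFC 7999 well-known BLACKHOLE community


def per_source_pps(flows, victim, window_seconds):
    """Aggregate packets-per-second per source address towards the victim."""
    pps = defaultdict(float)
    for src, dst, packets in flows:
        if dst == victim:
            pps[src] += packets / window_seconds
    return dict(pps)


def select_offenders(pps, threshold_pps, max_routes, allow=()):
    """Return sources above threshold, excluding allow-listed networks,
    highest rate first, capped at max_routes (router memory is finite)."""
    allow_nets = [ip_network(a) for a in allow]
    candidates = []
    for src, rate in pps.items():
        if rate < threshold_pps:
            continue
        if any(ip_address(src) in net for net in allow_nets):
            continue  # legitimate heavy talker, never blackhole it
        candidates.append((rate, src))
    candidates.sort(reverse=True)
    return [src for _, src in candidates[:max_routes]]


def host_routes(sources):
    """Turn bare addresses into host routes (/32 for IPv4, /128 for IPv6)."""
    return [
        f"{s}/32" if ip_address(s).version == 4 else f"{s}/128"
        for s in sources
    ]


def render_exabgp(prefixes, next_hop, community=BLACKHOLE_COMMUNITY):
    """Render one announcement per prefix. The line format is assumed to
    follow ExaBGP's 'announce route' API syntax; adjust for your speaker."""
    return [
        f"announce route {p} next-hop {next_hop} community [{community}]"
        for p in prefixes
    ]


def build_blackhole_announcements(flows=FLOWS, victim=VICTIM,
                                  threshold_pps=1_000, max_routes=3,
                                  allow=("192.0.2.0/24",),
                                  next_hop="192.0.2.254"):
    pps = per_source_pps(flows, victim, WINDOW_SECONDS)
    offenders = select_offenders(pps, threshold_pps, max_routes, allow)
    return render_exabgp(host_routes(offenders), next_hop)


if __name__ == "__main__":
    for line in build_blackhole_announcements():
        print(line)
```

With the constructed input the allow-listed 192.0.2.40 is skipped despite being the loudest source, the 20 pps client is never considered, and the cap of three routes drops the weakest remaining offender (198.51.100.7) rather than pushing every /32 to the peer.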

