[155100] in North American Network Operators' Group


Re: DDoS using port 0 and 53 (DNS)

daemon@ATHENA.MIT.EDU (Dobbins, Roland)
Thu Jul 26 00:03:41 2012

From: "Dobbins, Roland" <rdobbins@arbor.net>
To: NANOG list <nanog@nanog.org>
Date: Thu, 26 Jul 2012 04:03:01 +0000
In-Reply-To: <F3318834F1F89D46857972DD4B411D7005385E1412@exchange>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


On Jul 26, 2012, at 5:13 AM, Drew Weaver wrote:

> Another nice "emerging" tool [I say emerging because it's been around
> forever but nobody implements it] to deal with this is Flowspec, using
> flowspec you can instruct your Upstream to block traffic with much more
> granular characteristics.

flowspec is essentially S/RTBH with layer-4 granularity (it can do some
other things, as well). I certainly hope that vendors who've not yet
implemented it will do so, it's a great tool, as you say.

Even customer-triggered S/RTBH is very useful, and some ISPs have
implemented it for their customers.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>

	  Luck is the residue of opportunity and design.

		       -- John Milton
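
What "S/RTBH with layer-4 granularity" means on the wire, as an added example that is not part of the original post: it encodes IPv4 flowspec match rules as RFC 5575 NLRI bytes, plus the traffic-rate 0 (discard) action. The prefixes, the ASN and all function names are constructed for illustration.

```python
import ipaddress
import struct

# Flowspec component types from RFC 5575, section 4
DEST_PREFIX, SRC_PREFIX, IP_PROTO, DEST_PORT = 1, 2, 3, 5


def _prefix(ctype, cidr):
    """Prefix component: type, prefix length in bits, then only the significant bytes."""
    net = ipaddress.ip_network(cidr)
    nbytes = (net.prefixlen + 7) // 8
    return bytes([ctype, net.prefixlen]) + net.network_address.packed[:nbytes]


def _equals(ctype, value):
    """Numeric component with one operator: 0x81 = end-of-list|eq, 1-byte value; 0x91 = 2-byte."""
    if value < 0x100:
        return bytes([ctype, 0x81, value])
    return bytes([ctype, 0x91]) + struct.pack("!H", value)


def flowspec_nlri(dst=None, src=None, proto=None, dst_port=None):
    """Encode an IPv4 flowspec NLRI; components are emitted in ascending type order."""
    body = b""
    if dst is not None:
        body += _prefix(DEST_PREFIX, dst)
    if src is not None:
        body += _prefix(SRC_PREFIX, src)
    if proto is not None:
        body += _equals(IP_PROTO, proto)
    if dst_port is not None:
        body += _equals(DEST_PORT, dst_port)
    if len(body) >= 240:
        raise ValueError("two-byte NLRI length is not handled in this example")
    return bytes([len(body)]) + body


def traffic_rate(asn, bytes_per_sec):
    """traffic-rate extended community (type 0x8006); a rate of 0 means discard."""
    return struct.pack("!HHf", 0x8006, asn, bytes_per_sec)


# Constructed values: documentation prefixes and a private-use ASN.
# The only match S/RTBH offers (source address), written as a flowspec rule for comparison:
srtbh_match = flowspec_nlri(src="198.51.100.0/24")
# Flowspec narrows the same drop to UDP/53 from that source toward one victim address:
dns_flood = flowspec_nlri(dst="192.0.2.53/32", src="198.51.100.0/24", proto=17, dst_port=53)
discard = traffic_rate(64512, 0.0)
```
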


