[188924] in North American Network Operators' Group
BGP FlowSpec
daemon@ATHENA.MIT.EDU (Martin Bacher)
Mon Apr 25 00:04:08 2016
From: Martin Bacher <ti14m028@technikum-wien.at>
Date: Thu, 21 Apr 2016 09:46:13 +0200
To: nanog@nanog.org
Dear Nanog Members,
My name is Martin Bacher. I am a student at UAS Technikum-Wien and I am
currently writing my master's thesis with the topic "Addressing DDoS
Attacks with BGP FlowSpec".
It would be very helpful for me if some of you could share information
about the following topics:
- Intra-AS BGP FlowSpec deployment: Who is running it? For which kind of
attacks are you using it? Are you only dropping or rate-limiting certain
traffic or are you also using the redirect/remark capabilities? What are
the limitations from your perspective? Are you facing any operational
issues? How are you injecting the FlowSpec routes?
- Inter-AS: Who is running Inter-AS FlowSpec deployments? What is your
experience? Are there any concerns regarding Inter-AS deployments? Has
anyone done interop tests?
FlowSpec is usually only one part of the whole anti-DDoS toolset. So I
would also be interested in your answers to the following questions:
- How are you detecting DDoS attacks (Netflow, in-line probes, ..?) and
which applications are you using for the analysis (Peakflow, Open-Source
tools, ..?)
- Which countermeasures are you deploying in case of DDoS attacks? ACLs,
FlowSpec, Blackhole routes, RTBH, scrubbing center, cloud-based DDoS
services or anything else?
- What is your operational experience? How fast are you in deploying
countermeasures? Do you have any automation or is this always triggered
by people?
Last but not least: I am also looking for anonymized statistical data
about DDoS attacks which I could use in the thesis. I am mainly
interested in data about the type of attacks, attack time, sources,
source and destination ports, and so on. I know this is something which is
generally not shared, so I would really appreciate it if someone would
be able to share such data.
Please send me your answers either via pn or directly to the list.
Please also let me know if you think that there is something missing.
Any comment or answer is highly appreciated.
Looking forward to your replies.
Many thanks.
Greetings,
Martin