[38219] in North American Network Operators' Group
Re: engineering --> ddos and flooding
daemon@ATHENA.MIT.EDU (Jared Mauch)
Thu May 31 18:08:15 2001
Date: Thu, 31 May 2001 18:06:36 -0400
From: Jared Mauch <jared@puck.Nether.net>
To: Andrew Dorsett <zerocool@netpath.net>
Cc: nanog@merit.edu
Message-ID: <20010531180636.B1393@puck.nether.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <4.3.2.7.2.20010531175313.024ed980@mail.netpath.net>; from zerocool@netpath.net on Thu, May 31, 2001 at 05:59:18PM -0400
Errors-To: owner-nanog-outgoing@merit.edu

There is some work going on in IETF (itrace) to trace these
attacks back even w/ spoofed IPs, etc.

There are currently no "poison" BGP updates you can send upstream
to get them to blackhole the traffic.

- Jared

On Thu, May 31, 2001 at 05:59:18PM -0400, Andrew Dorsett wrote:
>
> Hey, this is a technical question for all of the Network
> Engineers/Architects on the list. Has a method been found to stop an
> incoming attack? Granted you can filter the packets to null on the router,
> but that doesn't stop them from coming across the wire and into the
> router. Has a way been devised to stop them from coming into the router;
> via something like a BGP update to null the packets or what? I'm concerned
> about a flood that is so massive coming from the core and flooding a small
> T1 or less.
>
> Thanks,
> Andrew
> ---
> <zerocool@netpath.net>
> http://www.andrewsworld.net/
> ICQ: 2895251
> Cisco Certified Network Associate
> Development Assistant: Netpath/Stratonet, Inc.
> (http://www.netpath.net/)
> Email: dorsett@netpath.net
>
> "Learn from the mistakes of others. You won't live long enough to make all
> of them yourself." -- Unknown
> "YEEEHA!!! What a CRASH!!!" -- Random System Administrator
--
Jared Mauch | pgp key available via finger from jared@puck.nether.net
clue++; | http://puck.nether.net/~jared/ My statements are only mine.