[38242] in North American Network Operators' Group
Re: engineering --> ddos and flooding
daemon@ATHENA.MIT.EDU (Mark Mentovai)
Fri Jun 1 14:42:48 2001
Date: Fri, 1 Jun 2001 14:36:49 -0400 (EDT)
From: Mark Mentovai <mark-list@mentovai.com>
To: Walter Prue <prue@ISI.EDU>
Cc: <nanog@merit.edu>
In-Reply-To: <200106011815.SAA29053@i-14.isi.edu>
Message-ID: <Pine.GSO.4.33.0106011432450.449-100000@oak.ggn.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu

Walter Prue wrote:
>I came up with a solution for networks with ISP connections to deal
>quickly with DDOS attacks without having to be able to work with a
>network technician at the ISP for immediate relief. If the ISP agrees,
>install a second low speed connection to the same router your primary
>router BGP peers with. Through this low speed connection you run a
>second BGP session advertising the /32 that is being attacked by the
>DDOS. You mark the /32 as NO-ADVERTISE so the route doesn't leave the
>border router.

Or, without adding an extra connection, negotiate a NULLROUTE community with
your upstream provider. This would be a wonderful addition to the
well-known BGP communities. I'll bring this up on IDR.

Mark
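
One way an upstream could evaluate such a community on routes received from a customer, as an added example that is not part of the original message or of any provider's actual policy. The community value, prefixes, length limit, use of NO_EXPORT and the function name are all assumptions; the point it shows is that a tagged route is honoured only inside the customer's own address space.

```python
import ipaddress

# All values below are assumptions for illustration, not from the thread.
NULLROUTE = (64500, 666)        # hypothetical community agreed with the upstream
NO_EXPORT = (65535, 65281)      # well-known NO_EXPORT community (RFC 1997)
CUSTOMER_PREFIXES = [ipaddress.ip_network("198.51.100.0/24")]  # documentation range
MAX_NORMAL_LEN = 24             # longest untagged prefix the provider accepts


def import_policy(prefix, communities, customer_prefixes=CUSTOMER_PREFIXES):
    """Decide what the provider does with one route announced by the customer.

    Returns (action, communities) where action is "forward", "discard"
    (install with a null next hop) or "reject" (do not install at all).
    """
    net = ipaddress.ip_network(prefix)
    # A customer may only null-route addresses it actually holds; without
    # this check the community would let it blackhole someone else's host.
    owned = any(net.version == c.version and net.subnet_of(c)
                for c in customer_prefixes)
    if not owned:
        return ("reject", set())
    comms = set(communities)
    if NULLROUTE in comms:
        # Drop traffic at the provider edge and keep the route inside the
        # provider's AS so the more-specific never leaks to other networks.
        return ("discard", comms | {NO_EXPORT})
    if net.prefixlen > MAX_NORMAL_LEN:
        return ("reject", set())   # untagged host routes are not accepted
    return ("forward", comms)


# Constructed announcements: (prefix, communities attached by the customer).
SAMPLE = [
    ("198.51.100.0/24", []),            # normal aggregate
    ("198.51.100.7/32", [NULLROUTE]),   # attacked host, tagged for discard
    ("198.51.100.7/32", []),            # same /32 without the tag
    ("203.0.113.9/32", [NULLROUTE]),    # tagged, but not the customer's space
]

if __name__ == "__main__":
    for prefix, comms in SAMPLE:
        action, out = import_policy(prefix, comms)
        print(f"{prefix:18} {action:8} {sorted(out)}")
```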