[52826] in North American Network Operators' Group


Re: attacking DDOS using BGP communities?

daemon@ATHENA.MIT.EDU (Saku Ytti)
Fri Oct 18 03:44:26 2002

Date: Fri, 18 Oct 2002 10:43:52 +0300
From: Saku Ytti <saku+nanog@ytti.fi>
To: nanog@merit.edu
In-Reply-To: <Pine.LNX.4.21.0210180008160.17173-100000@Overkill.EnterZone.Net>
Errors-To: owner-nanog-outgoing@merit.edu


On (2002-10-18 00:15 -0400), John Fraizer wrote:

> > 2) 'TTL' community.
> > 
> > -just think about the amount of route-maps :>
> 
> Whoa.  Decrementing a single community integer value while leaving others
> unchanged would seem to be a bit tricky.  This would require much more
> work on the part of others than the first suggestion and I think it would
> attract far fewer participants for that matter.

Actually, would it matter if it wouldn't be an additive change? Since it
would be diagnostic/special case. But of course it would be trivial for the
vendors to add support for changing the communities this way; if
this could be performed as an additive change, you could offer your
customers automatically partial visibility under DOS attack until it's
resolved rather than 0 visibility.

Not to mention how much it would ease pinpointing faulty/aggressive parties;
thus in the long run it could have a very positive effect on things like proper
anti-spoofing configurations.

-- 
  ++ytti
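An added illustration of the "TTL community" idea discussed in this thread, written for this page and not taken from the post, from any vendor, or from any deployed scheme. It models a hop budget carried in a community (here the constructed value 64500:N), decremented by each AS before re-export, alongside a constructed blackhole community 64513:666; the AS topology is made up. The point it shows is the one Saku makes: with a hop budget, a blackhole announcement for the attacked prefix stops after N AS hops, so ASes beyond that still reach the victim via the covering prefix (partial visibility) instead of the blackhole spreading everywhere (0 visibility).

```python
"""Simulation of a hop-limited ("TTL") BGP community.

Constructed example: the community values 64500:N (hop budget) and
64513:666 (blackhole tag) and the AS adjacency map are assumptions for
illustration only, not from the mailing-list thread or any vendor.
"""
from collections import deque

TTL_COMMUNITY_ASN = 64500          # assumed: ASN part of the hop-budget community
BLACKHOLE_COMMUNITY = "64513:666"  # assumed: upstream's blackhole trigger community

# Assumed topology: 64512 is the attacked (dual-homed) AS; 64517 is the far side.
PEERS = {
    64512: [64513, 64514],
    64513: [64512, 64515],
    64514: [64512, 64516],
    64515: [64513, 64517],
    64516: [64514, 64517],
    64517: [64515, 64516],
}


def parse_ttl(communities):
    """Return the hop budget N carried as 64500:N, or None if no such community."""
    for comm in communities:
        asn, value = comm.split(":")
        if int(asn) == TTL_COMMUNITY_ASN:
            return int(value)
    return None


def rewrite_ttl(communities, new_ttl):
    """Replace only the hop-budget community, leaving every other community intact.

    This single-value rewrite is the step the thread notes is awkward to express
    with ordinary additive 'set community' route-maps: one clause per possible
    value (match 64500:N, delete it, add 64500:N-1) would be needed.
    """
    kept = [c for c in communities if int(c.split(":")[0]) != TTL_COMMUNITY_ASN]
    return kept + [f"{TTL_COMMUNITY_ASN}:{new_ttl}"]


def propagate(peers, origin, communities):
    """Flood an announcement from `origin` across the AS graph `peers`.

    Every AS that receives the route installs it. It re-exports to its
    neighbours only while the hop budget is above zero, decrementing the
    budget first; with no budget community present the route floods freely.
    Breadth-first order means each AS sees the route via the shortest path,
    i.e. with the largest remaining budget, as BGP best-path selection on
    AS-path length would also tend to do.
    Returns {asn: communities as received by that AS}.
    """
    received = {origin: list(communities)}
    queue = deque([origin])
    while queue:
        asn = queue.popleft()
        comms = received[asn]
        ttl = parse_ttl(comms)
        if ttl is not None and ttl <= 0:
            continue  # budget exhausted: keep locally, do not export further
        outbound = comms if ttl is None else rewrite_ttl(comms, ttl - 1)
        for neighbour in peers[asn]:
            if neighbour not in received:
                received[neighbour] = list(outbound)
                queue.append(neighbour)
    return received


def still_reachable_from(received, asn):
    """True if `asn` never received the blackhole, so it still routes to the victim
    via the covering prefix (the 'partial visibility' the thread describes)."""
    return asn not in received


def blackhole_reach(ttl):
    """Sorted list of ASes that install the blackhole when announced with hop budget
    `ttl` (None = no budget community at all)."""
    comms = [BLACKHOLE_COMMUNITY]
    if ttl is not None:
        comms.append(f"{TTL_COMMUNITY_ASN}:{ttl}")
    return sorted(propagate(PEERS, 64512, comms))


if __name__ == "__main__":
    for budget in (None, 1, 2):
        print(f"hop budget {budget}: blackhole installed at {blackhole_reach(budget)}")
```

With no budget community the blackhole reaches all six ASes; with 64500:1 only the two direct upstreams install it, and with 64500:2 their peers do too while 64517 keeps reaching the victim through the covering route.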
