[98738] in North American Network Operators' Group
RE: ONS - The few the proud ... the sleeping
daemon@ATHENA.MIT.EDU (michael.dillon@bt.com)
Thu Aug 16 14:01:10 2007
Date: Thu, 16 Aug 2007 16:00:36 +0100
In-Reply-To: <46C457F3.9020506@packetpimp.org>
From: <michael.dillon@bt.com>
To: <nanog@nanog.org>
Errors-To: owner-nanog@merit.edu
> Unless all these bots are directly connected (direct=20
> customer) and concentrated on one portion of the network (not=20
> spread across the entire access layer) I can't imagine with=20
> the tools, features, products, etc that are available today=20
> (that can almost manage dDoS attacks for you) that it=20
> couldn't be mitigated. 5-6 years ago this would have been a=20
> lot tougher, but it was still doable.
Remote triggered BGP blackhole filtering comes to mind
ftp://ftp-eng.cisco.com/cons/isp/security/Remote-Triggered-Black-Hole-Fi
ltering-02.pdf
And if the bots are directly connected or concentrated in one point of
the network, it seems to me that simple ACLs can mitigate the attack.
I agree that DDoS is not likely to take down a network big enough to be
called a backbone unless there is some kind of unforeseen side effects
to the DDoS.
--Michael Dillon
