Effective ways to deal with DDoS attacks?
Richard A Steenbergen
ras at e-gerbil.net
Thu May 2 02:18:39 UTC 2002
On Wed, May 01, 2002 at 09:38:52PM -0400, Wojtek Zlobicki wrote:
>
> How about the following :
>
> We develop a new community , being fully transitive (666 would be
> appropriate ) and either build into router code or create a route map to
> null route anything that contains this community. The effect of this being
> the distribution of the force of the attack.
This has been proposed a dozen times over, and I agree that there should
be a well known community for discarding packets. Go try and get the IETF
to add it, let me know how it goes. :)
> This aside, how effective would be using a no export community with ones
> peers (being non transitive, it would still distribute the force of the
> attack).
Many people do this already. If you're looking to purchase transit and you
think this is something you'll care about, ask for it or vote with your
wallet.
--
Richard A Steenbergen <ras at e-gerbil.net> http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
More information about the NANOG
mailing list