Over a decade of DDOS--any progress yet?

alvaro.sanchez at adinet.com.uy alvaro.sanchez at adinet.com.uy
Wed Dec 8 16:18:39 UTC 2010


Maybe. Anyway, under a DDoS attack, your links may be congested, and you need to recover them. You have a small margin to move. The farther upstream the attack is repelled, the better chances you have of restoring connectivity.

>----Original message----
>From: deleskie at gmail.com
>Date: 08/12/2010 12:31
>To: "Drew Weaver"<drew.weaver at thenap.com>
>CC: "alvaro.sanchez at adinet.com.uy"<alvaro.sanchez at adinet.com.uy>, "rdobbins at arbor.net"<rdobbins at arbor.net>, "North American Operators' Group"<nanog at nanog.org>
>Subject: Re: Over a decade of DDOS--any progress yet?
>
>+1
>
>On Wed, Dec 8, 2010 at 10:30 AM, Drew Weaver <drew.weaver at thenap.com> wrote:
>> Yes, but this obviously completes the 'DDoS attack' and sends the signal that the bully will win.
>>
>> -Drew
>>
>>
>> -----Original Message-----
>> From: alvaro.sanchez at adinet.com.uy [mailto:alvaro.sanchez at adinet.com.uy]
>> Sent: Wednesday, December 08, 2010 8:46 AM
>> To: rdobbins at arbor.net; North American Operators' Group
>> Subject: Re: Over a decade of DDOS--any progress yet?
>>
>> A very common action is to blackhole DDoS traffic upstream by sending a
>> BGP route to the next AS with a pre-established community indicating the
>> traffic must be sent to Null0. The route may be very specific, in order
>> to impact as little as possible. This needs previous coordination between
>> providers.
>> Regards.
>>
>>>----Original message----
>>>From: rdobbins at arbor.net
>>>Date: 08/12/2010 10:53
>>>To: "North American Operators' Group"<nanog at nanog.org>
>>>Subject: Re: Over a decade of DDOS--any progress yet?
>>>
>>>
>>>On Dec 8, 2010, at 7:28 PM, Arturo Servin wrote:
>>>
>>>>      One big problem (IMHO) of DDoS is that sources (the host of botnets) may be completely unaware that they are part of a DDoS. I do not mean the bot machine, I mean the ISP connecting those.
>>>
>>>The technology exists to detect and classify this attack traffic, and is deployed in production networks today.
>>>
>>>And of course, the legitimate owners of the botted hosts are generally unaware that their machine is being used for nefarious purposes.
>>>
>>>>      On the other hand, the target of a DDoS cannot do anything to stop the attack besides adding more BW or contacting one by one the whole path of providers to try to minimize the effect.
>>>
>>>Actually, there're lots of things they can do.
>>>
>>>>      I know that this has many security concerns, but would it be good to have a signalling protocol between ISPs to inform the sources of a DDoS attack in order to take semiautomatic actions to rate-limit the traffic as close to the source as possible? Of course this is more complex than these three or two lines, but I wonder if this has been considered in the past.
>>>
>>>It already exists.
>>>
>>>-----------------------------------------------------------------------
>>>Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
>>>
>>>              Sell your computer and buy a guitar.
>>>
>
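
Added example, not part of the original thread: a sketch of the acceptance check an upstream could apply to customer routes under the community-triggered blackholing described in the quoted message. The community value, customer prefix, prefix-length limits and sample announcements are all constructed assumptions standing in for whatever two providers agree on beforehand.

```python
import ipaddress

# Assumed values, agreed in advance between customer and upstream (constructed).
BLACKHOLE_COMMUNITY = "64500:666"   # documentation-range ASN, hypothetical tag
CUSTOMER_PREFIXES = [ipaddress.ip_network("203.0.113.0/24")]
MAX_NORMAL_LEN = 24       # assumed: longest prefix accepted as a normal route
MIN_BLACKHOLE_LEN = 25    # assumed: blackhole routes must be more specific


def classify_announcement(prefix, communities):
    """Return (action, reason) the upstream applies to one received route."""
    net = ipaddress.ip_network(prefix)
    owned = any(p.version == net.version and net.subnet_of(p)
                for p in CUSTOMER_PREFIXES)
    if not owned:
        # A customer must never be able to blackhole someone else's space.
        return "reject", "prefix outside customer's registered space"
    if BLACKHOLE_COMMUNITY in communities:
        if net.prefixlen < MIN_BLACKHOLE_LEN:
            return "reject", "blackhole route too broad"
        # Accepted: next hop is rewritten to the discard interface (Null0).
        return "discard", f"{net} dropped, {net.num_addresses} address(es)"
    if net.prefixlen > MAX_NORMAL_LEN:
        return "reject", "more-specific route without blackhole community"
    return "accept", "normal route"


# Constructed sample announcements: (prefix, communities attached).
SAMPLE = [
    ("203.0.113.10/32", ["64500:666"]),  # victim host, tagged
    ("203.0.113.0/24", []),              # normal aggregate
    ("203.0.113.0/24", ["64500:666"]),   # would blackhole the whole block
    ("203.0.113.10/32", []),             # host route without the tag
    ("198.51.100.7/32", ["64500:666"]),  # not the customer's address
]


def evaluate(sample=SAMPLE):
    """Actions for each sample announcement, in order."""
    return [classify_announcement(p, c)[0] for p, c in sample]


if __name__ == "__main__":
    for prefix, comms in SAMPLE:
        print(prefix, comms, "->", *classify_announcement(prefix, comms))
```

Only the tagged /32 inside the customer's own block is discarded, which is the narrow impact the quoted message asks for; the victim address itself stays unreachable through that upstream while the route is announced.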





