Over a decade of DDOS--any progress yet?

• Previous message (by thread): Over a decade of DDOS--any progress yet?
• Next message (by thread): Over a decade of DDOS--any progress yet?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Upstream providers generally have a hard time allowing you to write routes that you don't own into their table(s).

thanks,
-Drew


-----Original Message-----
From: Chris Boyd [mailto:cboyd at gizmopartners.com] 
Sent: Wednesday, December 08, 2010 2:19 PM
To: NANOG
Subject: Re: Over a decade of DDOS--any progress yet?


On Dec 8, 2010, at 9:33 AM, Arturo Servin wrote:

> 	Yes, but all of them rely on your upstreams or in mirroring your content. If 100 Mbps are reaching your input interface of 10Mbps there is not much that you can do.


Hmm.  What would be really cool is if you could use Snort, NetFlow/NBAR, or some other sort of DPI tech to find specifically the IP addresses of the DDoS bots, and then pass that information back upstream via BGP communities that tell your peer router to drop traffic from those addresses.  That way the target of the traffic can continue to function if the DDoS traffic doesn't closely mimic the normal traffic.

Your BGP peer router would need to have lots of memory for /32 or /64 routes though.

Anyone heard of such a beast?  Or is this how the stuff from places like Arbor Networks do their thing?

--Chris

• Previous message (by thread): Over a decade of DDOS--any progress yet?
• Next message (by thread): Over a decade of DDOS--any progress yet?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]