Effective ways to deal with DDoS attacks?

Richard A Steenbergen ras at e-gerbil.net
Thu May 2 02:22:42 UTC 2002


On Wed, May 01, 2002 at 10:15:44PM -0400, Leo Bicknell wrote:
> 
> In a message written on Wed, May 01, 2002 at 08:17:04PM -0500, dies wrote:
> > Then you are pushing out /32's and peers would need to accept them.  Then
> > someone will want to blackhole /30's, /29's, etc.  Route bloat.  Yum!
> 
> I'm not sure what form this would take, but I have long wished
> route processing could be sent into a "programming language".  For
> this specific example it would be nice to set a maximum route limit
> for the total number of routes on the session, as well as /per
> community/.

Agreed wholeheartedly. But then you'd have to have network engineers who
could program (and no, Perl doesn't count). :)

> That is, community xxxx:666 == blackhole me, and I could limit each
> peer to say, 6 of these at a time.  More would not take down the
> session, but simply be ignored.
> 
> I can carry 6 /32's for every peer I have, and if they only have
> 6, they will probably use them for the most abusive target.

I give it 2 months, then they'll start hitting random dst IPs in a target
prefix (say a common /24 going through the same path).

-- 
Richard A Steenbergen <ras at e-gerbil.net>       http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177  (67 29 D7 BC E8 18 3E DA  B2 46 B3 D8 14 36 FE B6)
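Leo's proposal above, a per-peer cap on routes carrying the xxxx:666 blackhole community where excess announcements are ignored instead of dropping the session, as an added Python example that is not code from this thread. The community value 65000:666, the route limits, the peer name and the announced prefixes are constructed placeholders.

```python
from dataclasses import dataclass, field
from ipaddress import ip_network

# Hypothetical community value standing in for the thread's "xxxx:666".
BLACKHOLE = "65000:666"

@dataclass
class Route:
    prefix: str
    communities: frozenset

@dataclass
class PeerSession:
    """Inbound policy for one peer: a cap on total routes plus a smaller cap on
    blackhole-tagged routes. Excess routes are ignored and logged, never fatal."""
    peer: str
    max_routes: int = 10
    max_blackholes: int = 6
    accepted: dict = field(default_factory=dict)  # prefix -> Route
    ignored: list = field(default_factory=list)   # (prefix, reason)

    def blackholes(self):
        return [p for p, r in self.accepted.items() if BLACKHOLE in r.communities]

    def announce(self, route):
        """Return 'accept' or 'ignore'; never raises, so the session survives."""
        net, bh = ip_network(route.prefix), self.blackholes()
        tagged = BLACKHOLE in route.communities
        if tagged and net.prefixlen != net.max_prefixlen:
            return self._ignore(route, "blackhole tag only honoured on host routes")
        if route.prefix not in self.accepted and len(self.accepted) >= self.max_routes:
            return self._ignore(route, "session route limit reached")
        if tagged and route.prefix not in bh and len(bh) >= self.max_blackholes:
            return self._ignore(route, "per-community blackhole limit reached")
        self.accepted[route.prefix] = route
        return "accept"

    def withdraw(self, prefix):  # frees a slot so the peer can re-target it
        self.accepted.pop(prefix, None)

    def _ignore(self, route, reason):
        self.ignored.append((route.prefix, reason))
        return "ignore"

def demo():
    """Constructed feed from one peer: seven /32 blackholes, then a normal /24.
    The seventh blackhole is ignored; the /24 is still accepted."""
    s = PeerSession("peer-A")
    results = [s.announce(Route(f"192.0.2.{i}/32", frozenset({BLACKHOLE})))
               for i in range(1, 8)]
    results.append(s.announce(Route("198.51.100.0/24", frozenset({"65000:100"}))))
    return results, len(s.blackholes()), s.ignored
```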