Effective ways to deal with DDoS attacks?

Barry Raveendran Greene bgreene at cisco.com
Sun May 5 18:09:06 UTC 2002



Be mindful that uRPF Strict Mode was created to help scale BCP 38 filtering.
If you have 1000 lease line customers and can use uRPF Strict Mode on 80% of
those customers, that is 80% fewer BCP38 ACLs that you need to manage.

For the other 20% you have uRPF + BGP tweaks or plain old ACLs. But as Chris
inferred, that 20% where you cannot use simple uRPF is also the 20% most
difficult customers.

> -----Original Message-----
> From: owner-nanog at merit.edu [mailto:owner-nanog at merit.edu]On Behalf Of
> Iljitsch van Beijnum
> Sent: Sunday, May 05, 2002 12:44 AM
> To: Christopher L. Morrow
> Cc: nanog at merit.edu
> Subject: Re: Effective ways to deal with DDoS attacks?
>
>
>
> On Sun, 5 May 2002, Christopher L. Morrow wrote:
>
> > > > like with single homed customers. The only time when those sets of
> > > > prefixes is NOT the same is for a backup connection. But if a connection
>
> > > Not always the case, customer behaviour can not be accurately modeled.
>
> > I was hoping someone else might mention this, BUT what about the case of
> > customers providing transit for outbound but not inbound traffic for their
> > customers? We have many, many cases of customers that are 'default
> > routing' for their customers that get inbound traffic down alternate
> > customers or peers or wherever...
>
> Is there a compelling reason you should allow this? If yes, you can't use
> uRPF and you have to install an acl to do sanity checking on the
> customer's source addresses. If no, they'll have to announce those routes
> to you. If they set the no export community they still won't get any
> inbound traffic to speak of.
>
> > uRPF seems like a not so good solution
> > for these instances :( especially since some of these are our worst
> > abusers :(
>
> Well if these are your worst abusers, it seems to me uRPF is exactly what
> those customers need.  ;-)
>
>
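
The split discussed in this message, as an added example that is not part of the original post: a simplified model of uRPF strict mode (single best path per prefix) next to a per-customer source ACL, showing why the outbound-only transit customer fails strict mode and falls into the ACL group. The prefixes, interface names and the ingress_permit helper are constructed for illustration.

```python
import ipaddress

# Constructed FIB: (prefix, interface the best route points out of).
FIB = [
    ("192.0.2.0/24", "cust-A"),        # single-homed customer
    ("198.51.100.0/25", "cust-B"),     # cust-B's own block, announced to us
    ("198.51.100.128/25", "peer-1"),   # cust-B's downstream: inbound arrives via a peer
    ("0.0.0.0/0", "upstream"),
]

# Constructed BCP 38 source ACLs for interfaces where strict mode cannot be used.
ACLS = {"cust-B": ["198.51.100.0/25", "198.51.100.128/25"]}


def lookup(fib, addr):
    """Longest-prefix match; returns the egress interface or None."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, ifname in fib:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifname)
    return best[1] if best else None


def urpf_strict(fib, src, in_if):
    """Strict mode: the best route back to src must use the arrival interface."""
    return lookup(fib, src) == in_if


def acl_permit(acl, src):
    """Plain source-address ACL: permit only the listed prefixes."""
    ip = ipaddress.ip_address(src)
    return any(ip in ipaddress.ip_network(p) for p in acl)


def ingress_permit(src, in_if):
    """Use the ACL where one is configured, uRPF strict mode everywhere else."""
    if in_if in ACLS:
        return acl_permit(ACLS[in_if], src)
    return urpf_strict(FIB, src, in_if)


if __name__ == "__main__":
    for src, in_if in [("192.0.2.10", "cust-A"), ("203.0.113.7", "cust-A"),
                       ("198.51.100.200", "cust-B"), ("203.0.113.7", "cust-B")]:
        print(src, in_if, "strict:", urpf_strict(FIB, src, in_if),
              "policy:", ingress_permit(src, in_if))
```

The third packet is legitimate traffic from cust-B's downstream: strict mode alone drops it because the return route points at peer-1, while the ACL permits it and still drops the spoofed source.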



