UUNet Offer New Protection Against DDoS

Stephen J. Wilcox steve at telecomplete.co.uk
Wed Mar 3 21:47:57 UTC 2004



I'm puzzled by one aspect on the implementation.. how to build your customer 
prefix filters.. that is, we have prefix-lists for prefix and length. Therefore 
at present we can only accept a tagged route for a whole block.. not good if the 
announcement is a /16 etc !

Now, I could do as per the website at secsup.org which means we have a route-map 
entry to match the community before the filtering .. but that would allow the 
customer to null route any ip. 

What we need is one to allow them to announce any route including more 
specifics of the prefix list - how are folks doing this?

Steve

On Wed, 3 Mar 2004, james wrote:

> 
> Global Crossing has this, already in production. 
> I was on the phone with Qwest yesterday & this was one
> of this things I asked about. Qwest indicated they are
> going to deploy this shortly. (i.e., send routes tagged with
> a community which they will set to null)
> 
> 
> James Edwards
> Routing and Security
> jamesh at cybermesa.com
> At the Santa Fe Office: Internet at Cyber Mesa
> Store hours: 9-6 Monday through Friday
> 505-988-9200 SIP:1(747)669-1965
> 
> 




More information about the NANOG mailing list