ONS - The few the proud ... the sleeping

michael.dillon at bt.com michael.dillon at bt.com
Thu Aug 16 15:00:36 UTC 2007

> Unless all these bots are directly connected (direct 
> customer) and concentrated on one portion of the network (not 
> spread across the entire access layer) I can't imagine with 
> the tools, features, products, etc that are available today 
> (that can almost manage dDoS attacks for you) that it 
> couldn't be mitigated.  5-6 years ago this would have been a 
> lot tougher, but it was still doable.

Remote triggered BGP blackhole filtering comes to mind

And if the bots are directly connected or concentrated in one point of
the network, it seems to me that simple ACLs can mitigate the attack.

I agree that DDoS is not likely to take down a network big enough to be
called a backbone unless there is some kind of unforeseen side effects
to the DDoS.

--Michael Dillon

More information about the NANOG mailing list