ONS - The few the proud ... the sleeping

Stephen Wilcox steve.wilcox at packetrade.com
Fri Aug 17 10:51:47 UTC 2007


On Thu, Aug 16, 2007 at 04:00:36PM +0100, michael.dillon at bt.com wrote:
> 
> > Unless all these bots are directly connected (direct 
> > customer) and concentrated on one portion of the network (not 
> > spread across the entire access layer) I can't imagine with 
> > the tools, features, products, etc that are available today 
> > (that can almost manage dDoS attacks for you) that it 
> > couldn't be mitigated.  5-6 years ago this would have been a 
> > lot tougher, but it was still doable.
> 
> Remote triggered BGP blackhole filtering comes to mind
> ftp://ftp-eng.cisco.com/cons/isp/security/Remote-Triggered-Black-Hole-Filtering-02.pdf
> 
> And if the bots are directly connected or concentrated in one point of
> the network, it seems to me that simple ACLs can mitigate the attack.
> 
> I agree that DDoS is not likely to take down a network big enough to be
> called a backbone unless there is some kind of unforeseen side effects
> to the DDoS.

Unless they are not 'in' the network and hence can't be stopped internally and have the potential to overwhelm any external interface. These cannot be mitigated without cooperation from other networks.

Steve


