Over a decade of DDOS--any progress yet?

alvaro.sanchez at adinet.com.uy alvaro.sanchez at adinet.com.uy
Wed Dec 8 13:46:10 UTC 2010


A very common action is to blackhole DDoS traffic upstream by sending a 
BGP route to the next AS with a preestablished community indicating the 
traffic must be sent to Null0. The route may be very specific, in order 
to impact as little as possible. This needs previous coordination between 
providers.
Regards.

>----Original message----
>From: rdobbins at arbor.net
>Date: 08/12/2010 10:53 
>To: "North American Operators' Group"<nanog at nanog.org>
>Subject: Re: Over a decade of DDOS--any progress yet?
>
>
>On Dec 8, 2010, at 7:28 PM, Arturo Servin wrote:
>
>> One big problem (IMHO) of DDoS is that sources (the host of
>> botnets) may be completely unaware that they are part of a DDoS. I do
>> not mean the bot machine, I mean the ISP connecting those.
>
>The technology exists to detect and classify this attack traffic, and
>is deployed in production networks today.
>
>And of course, the legitimate owners of the botted hosts are
>generally unaware that their machine is being used for nefarious
>purposes.
>
>> On the other hand the target of a DDoS cannot do anything to stop
>> the attack besides adding more BW or contacting one by one the whole
>> path of providers to try to minimize the effect.
>
>Actually, there're lots of things they can do.
>
>> I know that this has many security concerns, but would it be good
>> to have a signalling protocol between ISPs to inform the sources of a
>> DDoS attack in order to take semiautomatic actions to rate-limit the
>> traffic as close to the source as possible? Of course this is more
>> complex than these three or two lines, but I wonder if this has been
>> considered in the past.
>
>It already exists.
>
>-----------------------------------------------------------------------
>Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
>
> 	       Sell your computer and buy a guitar.
>
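
The upstream side of the blackhole community described in the message above, as an added example that is not part of the original thread: the receiving provider should honour the community only for routes inside the address space that customer is registered for, otherwise the signal can be used to null-route someone else. The community value 64500:666, the host-route-only rule and the function name are assumptions made for illustration.

```python
import ipaddress

# Constructed values: 64500 is a documentation ASN; the real community is
# whatever the two providers agreed on in advance.
BLACKHOLE_COMMUNITY = "64500:666"
MIN_BLACKHOLE_LEN = {4: 32, 6: 128}  # assumed policy: host routes only
MAX_NORMAL_LEN = {4: 24, 6: 48}      # assumed bound for ordinary announcements


def evaluate(prefix, communities, customer_prefixes):
    """Return (action, reason) for one route received on a customer session."""
    net = ipaddress.ip_network(prefix, strict=True)  # ValueError if host bits set
    owned = any(
        net.version == ipaddress.ip_network(p).version
        and net.subnet_of(ipaddress.ip_network(p))
        for p in customer_prefixes
    )
    if not owned:
        # Applies to blackhole requests too: never discard a third party's traffic.
        return ("reject", "prefix outside customer's registered space")
    if BLACKHOLE_COMMUNITY in communities:
        if net.prefixlen < MIN_BLACKHOLE_LEN[net.version]:
            return ("reject", "blackhole request too broad")
        return ("blackhole", "next hop rewritten to the discard route (Null0)")
    if net.prefixlen > MAX_NORMAL_LEN[net.version]:
        return ("reject", "too specific without blackhole community")
    return ("accept", "normal route")


if __name__ == "__main__":
    registered = ["203.0.113.0/24", "2001:db8::/32"]  # constructed customer record
    announcements = [                                  # constructed sample routes
        ("203.0.113.10/32", {BLACKHOLE_COMMUNITY}),  # victim host, blackholed
        ("203.0.113.0/24", {BLACKHOLE_COMMUNITY}),   # whole block, too broad
        ("198.51.100.7/32", {BLACKHOLE_COMMUNITY}),  # not this customer's space
        ("203.0.113.0/24", set()),                   # ordinary announcement
    ]
    for prefix, comms in announcements:
        print(prefix, sorted(comms), "->", evaluate(prefix, comms, registered))
```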





