Last-call DoS/DoS Attack BCOP

John Kristoff jtk at cymru.com
Mon Mar 23 23:21:42 UTC 2015


On Mon, 23 Mar 2015 19:00:14 -0400
Yardiel D.Fuentes <yardiel at gmail.com> wrote:

> Since there has been good feedback for this BCOP, the committee
> decided to extend the "last-call period" for another two weeks to
> give ample chance for further feedback.
> 
> So, it is not too late for more comments,

Hi Yardiel,

Nice work so far.  A couple of additional ideas for you if you care to
use them.

If the attack is an infrastructure attack, say a routing interface that
wouldn't normally receive or emit traffic from its assigned address
except perhaps for network connectivity testing (e.g. traceroute) or
link-local control traffic (e.g. local SPF adjacencies, BGP
neighbors), you can "hide" those addresses, making them somewhat less
easy to target by using something like unnumbered or unadvertised or
ambiguous address space (e.g. RFC 1918).

A second suggestion, if you want to add a reference to it, is the UTRS
project, which is a free community project that brings networks
together for the purpose of exchanging RTBH announcements.  We've
recently enabled automated relay for IPv4 /32's that have a history of
sole origination from a peer.  This is another DDoS mitigation tool in
the tool box that many may find helpful.  More detail can be found here:

  <http://www.cymru.com/jtk/misc/utrs.html>

John
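
The relay condition mentioned in the message above (IPv4 /32s with a history of sole origination from a peer), sketched as an added example; this is not code from the original message or from the UTRS project. The history format, the policy details, the function names and the ASNs/prefixes (documentation and private-use values) are all assumptions made for illustration.

```python
import ipaddress

# Constructed sample data: (observed prefix, origin ASN) pairs standing in for
# a route-origin history a relay operator might keep. Not real observations.
ORIGIN_HISTORY = [
    ("192.0.2.0/24", 64500),
    ("192.0.2.0/24", 64500),
    ("198.51.100.0/24", 64500),
    ("198.51.100.0/24", 64501),   # second origin seen: not sole origination
    ("203.0.113.0/25", 64502),
]

def origins_covering(host, history):
    """Return the set of origin ASNs seen for any prefix covering host."""
    return {asn for prefix, asn in history
            if host.subnet_of(ipaddress.ip_network(prefix))}

def relay_decision(peer_asn, announcement, history=ORIGIN_HISTORY):
    """Decide whether an RTBH announcement from peer_asn may be auto-relayed.

    Returns (allowed, reason). Assumed policy: IPv4 /32 only, and every
    historical origin of the covering address space must be the requesting
    peer, so a peer cannot blackhole space that others have originated.
    """
    try:
        # strict=True rejects prefixes with host bits set, e.g. 192.0.2.1/24
        net = ipaddress.ip_network(announcement, strict=True)
    except ValueError:
        return False, "not a valid prefix"
    if net.version != 4:
        return False, "not IPv4"
    if net.prefixlen != 32:
        return False, "not a /32"
    origins = origins_covering(net, history)
    if not origins:
        return False, "no origination history"
    if origins != {peer_asn}:
        return False, "peer is not the sole historical origin"
    return True, "relay"

if __name__ == "__main__":
    for peer, prefix in [(64500, "192.0.2.10/32"), (64501, "192.0.2.10/32"),
                         (64500, "198.51.100.7/32"), (64500, "192.0.2.0/24")]:
        print(peer, prefix, relay_decision(peer, prefix))
```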

