Last-call DoS/DoS Attack BCOP

Rob Seastrom rs at
Tue Mar 24 09:27:30 UTC 2015

John Kristoff <jtk at> writes:

> If the attack is an infrastructure attack, say a routing interface that
> wouldn't normally receive or emit traffic from its assigned address
> except perhaps for network connectivity testing (e.g. traceroute) or
> control link local control traffic (e.g. local SPF adjacencies, BGP
> neighbors), you can "hide" those addresses, making them somewhat less
> easy to target by using something like unnumbered or unadvertised or
> ambiguous address space (e.g. RFC 1918).

That comes at a cost, both operational/debugging and breaking pmtud.
But if you don't care about collateral damage, setting the interface to
admin-down stops attacks against it *cold*.

Due to the drawbacks, I wouldn't consider this a good candidate for
inclusion in a BCOP document.

I have often thought there ought to be a companion series for
Questionable Current Operational Practices, or maybe "desperate
measures".  I volunteer to write the article on "YOLO upgrades",
wherein one loads untested software on equipment with no OOB, types
"request system reboot", shouts "YOLO", and hits return.


More information about the NANOG mailing list