<div dir="ltr"><div dir="ltr"><p style="color:rgb(28,30,41);background:transparent none repeat scroll 0% 0%;margin-top:0pt;margin-bottom:0pt"><span style="color:rgb(28,30,41);background:transparent none repeat scroll 0% 0%;margin-top:0pt;margin-bottom:0pt">Dear NANOG members,</span></p><p style="color:rgb(28,30,41);background:transparent none repeat scroll 0% 0%;margin-top:0pt;margin-bottom:0pt"><br></p><p style="color:rgb(28,30,41);background:transparent none repeat scroll 0% 0%;margin-top:0pt;margin-bottom:0pt"><span style="color:rgb(28,30,41);background:transparent none repeat scroll 0% 0%;margin-top:0pt;margin-bottom:0pt">I
am a senior Ph.D. student at the University of Oregon (UO). We are
seeking your help to understand DDoS mitigation techniques toward
volumetric link flooding attacks.</span></p><p style="color:rgb(28,30,41);background:transparent none repeat scroll 0% 0%;margin-top:0pt;margin-bottom:0pt"><br></p><p style="color:rgb(28,30,41);background:transparent none repeat scroll 0% 0%;margin-top:0pt;margin-bottom:0pt"><span style="color:rgb(28,30,41);background:transparent none repeat scroll 0% 0%;margin-top:0pt;margin-bottom:0pt">With
our preliminary survey so far, DDoS mitigation approaches in the real
world include 1) DDoS mitigation service providers (e.g., Akamai,
Cloudflare), 2) Remotely-Triggered Black Hole (RTBH), 3) BGP FlowSpec,
and 4) direct contact with upstream providers for traffic filtering.</span></p><p style="color:rgb(28,30,41);background:transparent none repeat scroll 0% 0%;margin-top:0pt;margin-bottom:0pt"><br></p><p style="color:rgb(28,30,41);background:transparent none repeat scroll 0% 0%;margin-top:0pt;margin-bottom:0pt"><span style="color:rgb(28,30,41);background:transparent none repeat scroll 0% 0%;margin-top:0pt;margin-bottom:0pt">We
also realize the traffic filtering space in hardware routers is limited
as router vendors use CAM/TCAM to implement packet matching and access
control lists at line rate. We believe that many routers on the Internet
today may not have the necessary capacity to perform fine-grained
traffic filtering, especially when facing a large-scale DDoS attack with
or without IP spoofing.</span></p><p style="color:rgb(28,30,41);background:transparent none repeat scroll 0% 0%;margin-top:0pt;margin-bottom:0pt"><br></p><p style="color:rgb(28,30,41);background:transparent none repeat scroll 0% 0%;margin-top:0pt;margin-bottom:0pt"><span style="color:rgb(28,30,41);background:transparent none repeat scroll 0% 0%;margin-top:0pt;margin-bottom:0pt">To this end, we ask that you kindly participate in our short and anonymized survey at <a href="https://oregon.qualtrics.com/jfe/form/SV_03aPeCIGiyUt6st" target="_blank">https://oregon.qualtrics.com/jfe/form/SV_03aPeCIGiyUt6st</a>.
The purpose of this survey is to understand 1) the frequency and scale
of DDoS attacks, 2) the DDoS mitigation methods commonly used by the
edge network operators, and 3) the capability of the mitigation methods.</span></p><p style="color:rgb(28,30,41);background:transparent none repeat scroll 0% 0%;margin-top:0pt;margin-bottom:0pt"><br></p><p style="color:rgb(28,30,41);background:transparent none repeat scroll 0% 0%;margin-top:0pt;margin-bottom:0pt"><span style="color:rgb(28,30,41);background:transparent none repeat scroll 0% 0%;margin-top:0pt;margin-bottom:0pt">We
plan to collect responses for three months, and we will report the
survey result back to you. This study is part of our on-going research
project, the Catch-22 attack, and you can view our poster paper at <a href="https://luminshi.github.io/assets/papers/catch22.pdf" target="_blank">https://luminshi.github.io/assets/papers/catch22.pdf</a>.</span></p><p style="color:rgb(28,30,41);background:transparent none repeat scroll 0% 0%;margin-top:0pt;margin-bottom:0pt"><br></p><p style="color:rgb(28,30,41);background:transparent none repeat scroll 0% 0%;margin-top:0pt;margin-bottom:0pt"><span style="color:rgb(28,30,41);background:transparent none repeat scroll 0% 0%;margin-top:0pt;margin-bottom:0pt">Regards,</span></p><p style="color:rgb(28,30,41);background:transparent none repeat scroll 0% 0%;margin-top:0pt;margin-bottom:0pt"><span style="color:rgb(28,30,41);background:transparent none repeat scroll 0% 0%;margin-top:0pt;margin-bottom:0pt">Lumin Shi</span></p><p style="color:rgb(28,30,41);background:transparent none repeat scroll 0% 0%;margin-top:0pt;margin-bottom:0pt"><a style="background:transparent none repeat scroll 0% 0%;margin-top:0pt;margin-bottom:0pt;color:rgb(74,110,224)" href="https://ccsp.uoregon.edu/" target="_blank"><span style="background:transparent none repeat scroll 0% 0%;margin-top:0pt;margin-bottom:0pt;color:rgb(74,110,224)">Center for Cyber Security and Privacy</span></a></p><p style="color:rgb(28,30,41);background:transparent none repeat scroll 0% 0%;margin-top:0pt;margin-bottom:0pt"><span style="color:rgb(28,30,41);background:transparent none repeat scroll 0% 0%;margin-top:0pt;margin-bottom:0pt">University of Oregon</span></p></div></div>