Home page logo

nanog logo nanog mailing list archives

Re: engineering --> ddos and flooding
From: Jared Mauch <jared () puck Nether net>
Date: Thu, 31 May 2001 18:06:36 -0400

        There is some work going on in IETF (itrace) to trace these
attacks back even w/ spoofed ips, etc..

        There are currently no "poison" bgp updates you can send upstream
to get them to blackhole the traffic.

        - Jared

On Thu, May 31, 2001 at 05:59:18PM -0400, Andrew Dorsett wrote:

Hey, this is a technical question for all of the Network 
Engineers/Architects on the list.  Has a method been found to stop an 
incoming attack?  Granted you can filter the packets to null on the router, 
but that doesn't stop them from coming across the wire and into the 
router.  Has a way been devised to stop them from coming into the router; 
via something like a BGP update to null the packets or what?  I'm concerned 
about a flood that is so massive coming from the core and flooding a small 
T1 or less.

<zerocool () netpath net>
ICQ: 2895251
Cisco Certified Network Associate
Development Assistant: Netpath/Stratonet, Inc.
                        Email: dorsett () netpath net

"Learn from the mistakes of others. You won't live long enough to make all 
of them yourself." -- Unknown
"YEEEHA!!! What a CRASH!!!" -- Random System Administrator

Jared Mauch  | pgp key available via finger from jared () puck nether net
clue++;      | http://puck.nether.net/~jared/  My statements are only mine.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]