Re: ONS - The few the proud ... the sleeping

[Stephen Wilcox <steve.wilcox () packetrade com>]

On Thu, Aug 16, 2007 at 04:00:36PM +0100, michael.dillon () bt com wrote:
> > Unless all these bots are directly connected (direct 
> > customer) and concentrated on one portion of the network (not 
> > spread across the entire access layer) I can't imagine with 
> > the tools, features, products, etc that are available today 
> > (that can almost manage dDoS attacks for you) that it 
> > couldn't be mitigated.  5-6 years ago this would have been a 
> > lot tougher, but it was still doable.
>
> Remote triggered BGP blackhole filtering comes to mind
> ftp://ftp-eng.cisco.com/cons/isp/security/Remote-Triggered-Black-Hole-Fi
> ltering-02.pdf
>
> And if the bots are directly connected or concentrated in one point of
> the network, it seems to me that simple ACLs can mitigate the attack.
>
> I agree that DDoS is not likely to take down a network big enough to be
> called a backbone unless there is some kind of unforeseen side effects
> to the DDoS.

unless they are not 'in' the network and hence cant be stopped internally and have the potential to overwhelm any 
external interface.. these cannot be mitigated without cooperation from other networks

Steve