nanog mailing list archives

Re: Over a decade of DDOS--any progress yet?


From: Chris Boyd <cboyd () gizmopartners com>
Date: Wed, 8 Dec 2010 13:19:22 -0600


On Dec 8, 2010, at 9:33 AM, Arturo Servin wrote:

      Yes, but all of them rely on your upstreams or on mirroring your content. If 100 Mbps are reaching your input interface of 10 Mbps there is not much that you can do.


Hmm.  What would be really cool is if you could use Snort, NetFlow/NBAR, or some other sort of DPI tech to find specifically the IP addresses of the DDoS bots, and then pass that information back upstream via BGP communities that tell your peer router to drop traffic from those addresses.  That way the target of the traffic can continue to function if the DDoS traffic doesn't closely mimic the normal traffic.

Your BGP peer router would need to have lots of memory for /32 or /64 routes though.

Anyone heard of such a beast?  Or is this how the stuff from places like Arbor Networks do their thing?

--Chris
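A prototype of the flow-to-blackhole pipeline described in the message above, added here as an example and not code from the thread or from any product mentioned in it: aggregate NetFlow-style records per source toward the attacked address, keep the sources above a packet threshold, and emit per-source /32 (or /128) announcements tagged with the RFC 7999 BLACKHOLE community, capped so the peer router's route table stays bounded. The sample flows, threshold, next-hop, route cap and the ExaBGP-style output syntax are all constructed assumptions.

```python
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed NetFlow-style records: (source, destination, packets in the window).
SAMPLE_FLOWS = [
    ("198.51.100.7", "203.0.113.10", 90000),
    ("198.51.100.8", "203.0.113.10", 85000),
    ("192.0.2.5",    "203.0.113.10", 120),      # ordinary client traffic
    ("198.51.100.9", "203.0.113.10", 70000),
    ("192.0.2.6",    "203.0.113.11", 300),      # traffic to a different host
    ("198.51.100.7", "203.0.113.10", 20000),    # second record for the same source
]

# Well-known BLACKHOLE community from RFC 7999; assumes the upstream honours it.
BLACKHOLE_COMMUNITY = "65535:666"
# Constructed discard next-hop; in practice this is whatever the upstream documents.
DISCARD_NEXT_HOP = "192.0.2.1"


def top_talkers(flows, target, threshold):
    """Sum packets per source sent to `target`; return (source, packets) pairs at or
    above `threshold`, largest first. Records for other destinations are ignored."""
    counts = Counter()
    for src, dst, pkts in flows:
        if dst == target:
            counts[src] += pkts
    return [(src, n) for src, n in counts.most_common() if n >= threshold]


def blackhole_routes(sources, max_routes):
    """Build one host-route announcement per offending source (ExaBGP-style syntax,
    an assumption). `max_routes` bounds the number of /32 or /128 entries so the
    peer router's memory concern raised in the message is kept in check: the
    heaviest sources come first, so the cap drops the lightest ones."""
    routes = []
    for src, _pkts in sources[:max_routes]:
        addr = ip_address(src)
        host_len = 32 if addr.version == 4 else 128
        prefix = ip_network(f"{src}/{host_len}")
        routes.append(
            f"route {prefix} next-hop {DISCARD_NEXT_HOP} community [{BLACKHOLE_COMMUNITY}]"
        )
    return routes


if __name__ == "__main__":
    offenders = top_talkers(SAMPLE_FLOWS, "203.0.113.10", threshold=50000)
    for line in blackhole_routes(offenders, max_routes=2):
        print(line)
```

Dropping by source only helps when the bot addresses are stable and not spoofed; with spoofed sources the per-/32 list grows without bound, which is exactly the memory problem the message anticipates.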
