[AusNOG] UDP Flooding Issues
Curtis Bayne
curtis at bayne.com.au
Thu Jun 19 13:41:19 EST 2008
...feel free to advertise a default route while you're at it, just in case there's still a transit network in the middle that's still routing packets ;). In all seriousness though, kudos for creativity :)
Curtis
________________________________________
From: ausnog-bounces at ausnog.net [ausnog-bounces at ausnog.net] On Behalf Of Phillip Grasso [phillip.grasso at gmail.com]
Sent: Thursday, 19 June 2008 1:23 PM
To: Sean K. Finn
Cc: ausnog at ausnog.net
Subject: Re: [AusNOG] UDP Flooding Issues
well if it's an insignificant ISP and you wanted to do some
*extremely* dodgy, then via the return path advertise their ASN
(prepend the offending AN number) in your announcements. this will
force their routers to drop your routes as it should be a bgp loop
prevention mechanism. There are lots of things that might stop this
from happening, including route filters on in the path inbetween.
Otherwise the simplier method is to contact them or your isp to filter
to traffic in question.
2008/6/19 Sean K. Finn <Sean.Finn at ozservers.com.au>:
> Hi All,
>
>
>
> Does anyone know any techniqiues or ways to block BGP adverts to third party
> AS's, or a similar method for dropping routes *to* our AS from a distant,
> non directly connected AS ?
>
>
>
> For example, is there a way to inject or craft maybe a network unreachable
> message or something that we can send to the offending A.S. to remove their
> routing information for *our* network / AS / IP ranges?
>
>
>
> My scenario is that I'm trying to block UDP floods to our network, and I'm
> sure many of you have had experience with this. Im not looking for a total
> solution, although If you have any recommendations , that would be great.
> What I'm really after is just once peice of the puzzle to see if we can
> selectively choose which remote networks we are visible, as a direct first
> step to stopping attacks until a human can intervene.
>
>
>
> Cheers,
>
> Sean.
>
> ________________________________
>
> Oz Servers
> e: sean.finn at ozservers.com.au
> w: http://www.ozservers.com.au
> p: 1300 13 89 69
>
>
>
> /
>
> ________________________________
> _______________________________________________
> AusNOG mailing list
> AusNOG at ausnog.net
> http://www.ausnog.net/mailman/listinfo/ausnog
>
>
_______________________________________________
AusNOG mailing list
AusNOG at ausnog.net
http://www.ausnog.net/mailman/listinfo/ausnog
More information about the AusNOG
mailing list