[AusNOG] DDOS mitigation

Chris Chaundy chris.chaundy at gmail.com
Thu May 9 18:38:35 EST 2013


Well, Nextgen offers RTBH, as do Tata/VSNL, Verizon and NTT and others mentioned.  Start the process of elimination. :-)

BTW, we modify/propagate the community where possible to stop things closer to the source.

Re: S/RTBH, we use customer ingress filtering and we don't trust customers to apply this (easy to accidentally or deliberately take out someone else, see 4.1 in the RFC noted below), but we can apply this from the NOC after vetting things.  The one drawback is that you really need to carry full routing tables everywhere.

Cheers, Chris Chaundy


On 09/05/2013, at 6:12 PM, "Dobbins, Roland" <rdobbins at arbor.net> wrote:

> 
> On May 9, 2013, at 1:37 PM, Matt Carter wrote:
> 
>> Consider if you want to blackhole a /32 because it is under attack, with some of the bit rates seen of recent attacks, it's potentially/likely affecting the upstream provider as well and may have impact to their other customers or at least a segment of their access network.
> 
> It's odd how folks still tend to focus on destination-based blackholing, when S/RTBH works quite well:
> 
> <http://tools.ietf.org/html/rfc5635>
> 
> <https://www.box.com/s/xznjloitly2apixr5xge>
> 
> -----------------------------------------------------------------------
> Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
> 
>      Luck is the residue of opportunity and design.
> 
>               -- John Milton
> 
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
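
One way a NOC could vet an S/RTBH request before announcing it, following the point in the message above about not letting customers trigger source blackholes directly. This is an added example, not code from the thread or from any poster's network; the protected prefixes, the length limits and the function name are assumptions, and all addresses are constructed from documentation address space.

```python
import ipaddress

# Constructed policy data (assumed for this example, documentation ranges only).
PROTECTED = [ipaddress.ip_network(p) for p in (
    "192.0.2.0/24",      # assumed: the provider's own infrastructure
    "198.51.100.0/24",   # assumed: another customer's allocation
    "2001:db8:100::/48", # assumed: an IPv6 customer allocation
)]
# Assumed policy: refuse any source prefix broader than this per address family.
MIN_PREFIX_LEN = {4: 24, 6: 48}


def vet_source_blackhole(requested):
    """Return (accepted, reason) for a requested S/RTBH source prefix.

    A source blackhole drops traffic *from* the prefix at every edge doing
    loose uRPF, so a wrong or overly broad prefix cuts off a third party.
    """
    try:
        # strict=True rejects prefixes with host bits set, e.g. 203.0.113.7/24
        net = ipaddress.ip_network(requested.strip(), strict=True)
    except ValueError as exc:
        return False, "malformed prefix: %s" % exc

    if net.prefixlen < MIN_PREFIX_LEN[net.version]:
        return False, "too broad: /%d is shorter than the /%d limit" % (
            net.prefixlen, MIN_PREFIX_LEN[net.version])

    for prot in PROTECTED:
        # Only compare within the same address family.
        if prot.version == net.version and net.overlaps(prot):
            return False, "overlaps protected prefix %s" % prot

    return True, "ok to announce %s with the source-blackhole next hop" % net


if __name__ == "__main__":
    # Constructed requests, as a customer might submit them to the NOC.
    for req in ("203.0.113.7/32", "198.51.100.25/32", "203.0.0.0/8",
                "203.0.113.7/24", "2001:db8:100::53/128"):
        print(req, "->", vet_source_blackhole(req))
```
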


