[AusNOG] UDP Flooding Issues

Matthew Moyle-Croft mmc at internode.com.au
Thu Jun 19 14:26:00 EST 2008


No, we're different to the BGP police mob.

MMC

Curtis Bayne wrote:
> Are these the same routing police that get narky when you deaggregate for TE? ;)
>
> Curtis
> ________________________________________
> From: ausnog-bounces at ausnog.net [ausnog-bounces at ausnog.net] On Behalf Of James Spenceley [james at vocus.com.au]
> Sent: Thursday, 19 June 2008 2:19 PM
> To: Phillip Grasso
> Cc: ausnog at ausnog.net; Sean K. Finn
> Subject: Re: [AusNOG] UDP Flooding Issues
>
> expect a lot of phone calls and email from the routing police,  people
> tend to get *really* upset when you do this.
>
> --
> James
>
>
> On 19/06/2008, at 1:23 PM, Phillip Grasso wrote:
>
>   
>> well if it's an insignificant ISP and you wanted to do some
>> *extremely* dodgy, then via the return path advertise their ASN
>> (prepend the offending AN number) in your announcements. this will
>> force their routers to drop your routes as it should be a bgp loop
>> prevention mechanism. There are lots of things that might stop this
>> from happening, including route filters on in the path inbetween.
>>
>> Otherwise the simplier method is to contact them or your isp to filter
>> to traffic in question.
>>
>> 2008/6/19 Sean K. Finn <Sean.Finn at ozservers.com.au>:
>>     
>>> Hi All,
>>>
>>>
>>>
>>> Does anyone know any techniqiues or ways to block BGP adverts to
>>> third party
>>> AS's, or a similar method for dropping routes *to* our AS from a
>>> distant,
>>> non directly connected AS ?
>>>
>>>
>>>
>>> For example, is there a way to inject or craft maybe a network
>>> unreachable
>>> message or something that we can send to the offending A.S. to
>>> remove their
>>> routing information for *our* network / AS / IP ranges?
>>>
>>>
>>>
>>> My scenario is that I'm trying to block UDP floods to our network,
>>> and I'm
>>> sure many of you have had experience with this. Im not looking for
>>> a total
>>> solution, although If you have any recommendations , that would be
>>> great.
>>> What I'm really after is just once peice of the puzzle to see if we
>>> can
>>> selectively choose which remote networks we are visible, as a
>>> direct first
>>> step to stopping attacks until a human can intervene.
>>>
>>>
>>>
>>> Cheers,
>>>
>>> Sean.
>>>
>>> ________________________________
>>>
>>> Oz Servers
>>> e: sean.finn at ozservers.com.au
>>> w: http://www.ozservers.com.au
>>> p: 1300 13 89 69
>>>
>>>
>>>
>>> /
>>>
>>> ________________________________
>>> _______________________________________________
>>> AusNOG mailing list
>>> AusNOG at ausnog.net
>>> http://www.ausnog.net/mailman/listinfo/ausnog
>>>
>>>
>>>       
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at ausnog.net
>> http://www.ausnog.net/mailman/listinfo/ausnog
>>     
>
> CEO
> Vocus Group Limited
> Level 2, Vocus House
> 189 Miller Street
> North Sydney, NSW 2060
> (m) +61 407 496 866
> (w) +61 2 9959 3913
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at ausnog.net
> http://www.ausnog.net/mailman/listinfo/ausnog
> _______________________________________________
> AusNOG mailing list
> AusNOG at ausnog.net
> http://www.ausnog.net/mailman/listinfo/ausnog
>   

-- 
Matthew Moyle-Croft Internode/Agile Peering and Core Networks
Level 4, 150 Grenfell Street, Adelaide, SA 5000 Australia
Email: mmc at internode.com.au  Web: http://www.on.net
Direct: +61-8-8228-2909		    Mobile: +61-419-900-366
Reception: +61-8-8228-2999          Fax: +61-8-8235-6909

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20080619/d83df21d/attachment.html>


More information about the AusNOG mailing list