[AusNOG] UDP Flooding Issues

Adrian Chadd adrian at creative.net.au
Thu Jun 19 14:30:31 EST 2008


(Since I got a private "wtf?" email..)

Note to List: I wasn't poking fun at NANOG. Quite the opposite actually.




Adrian

On Thu, Jun 19, 2008, Adrian Chadd wrote:
> On Thu, Jun 19, 2008, Curtis Bayne wrote:
> > ...feel free to advertise a default route while you're at it, just in case there's still a transit network in the middle that's still routing packets ;). In all seriousness though, kudos for creativity :)
> 
> Heh, you should then try "traffic engineering by manipulating BGP origin codes."
> 
> The things you pick up from NANOG...
> 
> 
> 
> 
> Adrian
> 
> > Curtis
> > ________________________________________
> > From: ausnog-bounces at ausnog.net [ausnog-bounces at ausnog.net] On Behalf Of Phillip Grasso [phillip.grasso at gmail.com]
> > Sent: Thursday, 19 June 2008 1:23 PM
> > To: Sean K. Finn
> > Cc: ausnog at ausnog.net
> > Subject: Re: [AusNOG] UDP Flooding Issues
> > 
> > well if it's an insignificant ISP and you wanted to do some
> > *extremely* dodgy, then via the return path advertise their ASN
> > (prepend the offending AN number) in your announcements. this will
> > force their routers to drop your routes as it should be a bgp loop
> > prevention mechanism. There are lots of things that might stop this
> > from happening, including route filters on in the path inbetween.
> > 
> > Otherwise the simplier method is to contact them or your isp to filter
> > to traffic in question.
> > 
> > 2008/6/19 Sean K. Finn <Sean.Finn at ozservers.com.au>:
> > > Hi All,
> > >
> > >
> > >
> > > Does anyone know any techniqiues or ways to block BGP adverts to third party
> > > AS's, or a similar method for dropping routes *to* our AS from a distant,
> > > non directly connected AS ?
> > >
> > >
> > >
> > > For example, is there a way to inject or craft maybe a network unreachable
> > > message or something that we can send to the offending A.S. to remove their
> > > routing information for *our* network / AS / IP ranges?
> > >
> > >
> > >
> > > My scenario is that I'm trying to block UDP floods to our network, and I'm
> > > sure many of you have had experience with this. Im not looking for a total
> > > solution, although If you have any recommendations , that would be great.
> > > What I'm really after is just once peice of the puzzle to see if we can
> > > selectively choose which remote networks we are visible, as a direct first
> > > step to stopping attacks until a human can intervene.
> > >
> > >
> > >
> > > Cheers,
> > >
> > > Sean.
> > >
> > > ________________________________
> > >
> > > Oz Servers
> > > e: sean.finn at ozservers.com.au
> > > w: http://www.ozservers.com.au
> > > p: 1300 13 89 69
> > >
> > >
> > >
> > > /
> > >
> > > ________________________________
> > > _______________________________________________
> > > AusNOG mailing list
> > > AusNOG at ausnog.net
> > > http://www.ausnog.net/mailman/listinfo/ausnog
> > >
> > >
> > _______________________________________________
> > AusNOG mailing list
> > AusNOG at ausnog.net
> > http://www.ausnog.net/mailman/listinfo/ausnog
> > _______________________________________________
> > AusNOG mailing list
> > AusNOG at ausnog.net
> > http://www.ausnog.net/mailman/listinfo/ausnog
> 
> -- 
> - Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support -
> - $25/pm entry-level VPSes w/ capped bandwidth charges available in WA -
> _______________________________________________
> AusNOG mailing list
> AusNOG at ausnog.net
> http://www.ausnog.net/mailman/listinfo/ausnog

-- 
- Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support -
- $25/pm entry-level VPSes w/ capped bandwidth charges available in WA -



More information about the AusNOG mailing list