[AusNOG] UDP Flooding Issues

Adrian Chadd adrian at creative.net.au
Thu Jun 19 14:32:56 EST 2008


On Thu, Jun 19, 2008, Curtis Bayne wrote:
> Are these the same routing police that get narky when you deaggregate for TE? ;)

Only if you're pushing "full" tables into Sup2/Sup32/Sup7203B/(3C too?)




Adrian

(3550's make great edge devices! Line-rate gigabit ethernet to 10 ports, very nice small packet
performance, line-rate ACL matching, a smidgen of policing, and runs BGP. Just don't ask it
to deal well with ARP explosions or directed traffic attacks at your infrastructure.
8000 routes on the 3550-24 is enough to hold WAIX!

Oh, and remember to turn off STP on your IX ports.)

> 
> Curtis
> ________________________________________
> From: ausnog-bounces at ausnog.net [ausnog-bounces at ausnog.net] On Behalf Of James Spenceley [james at vocus.com.au]
> Sent: Thursday, 19 June 2008 2:19 PM
> To: Phillip Grasso
> Cc: ausnog at ausnog.net; Sean K. Finn
> Subject: Re: [AusNOG] UDP Flooding Issues
> 
> expect a lot of phone calls and email from the routing police, people
> tend to get *really* upset when you do this.
> 
> --
> James
> 
> 
> On 19/06/2008, at 1:23 PM, Phillip Grasso wrote:
> 
> > well if it's an insignificant ISP and you wanted to do something
> > *extremely* dodgy, then via the return path advertise their ASN
> > (prepend the offending AS number) in your announcements. this will
> > force their routers to drop your routes as it should be a bgp loop
> > prevention mechanism. There are lots of things that might stop this
> > from happening, including route filters in the path in between.
> >
> > Otherwise the simpler method is to contact them or your isp to filter
> > the traffic in question.
> >
> > 2008/6/19 Sean K. Finn <Sean.Finn at ozservers.com.au>:
> >> Hi All,
> >>
> >> Does anyone know any techniques or ways to block BGP adverts to
> >> third party AS's, or a similar method for dropping routes *to* our
> >> AS from a distant, non directly connected AS?
> >>
> >> For example, is there a way to inject or craft maybe a network
> >> unreachable message or something that we can send to the offending
> >> A.S. to remove their routing information for *our* network / AS /
> >> IP ranges?
> >>
> >> My scenario is that I'm trying to block UDP floods to our network,
> >> and I'm sure many of you have had experience with this. I'm not
> >> looking for a total solution, although if you have any
> >> recommendations, that would be great. What I'm really after is just
> >> one piece of the puzzle to see if we can selectively choose which
> >> remote networks we are visible, as a direct first step to stopping
> >> attacks until a human can intervene.
> >>
> >> Cheers,
> >>
> >> Sean.
> >>
> >>
> >> ________________________________
> >>
> >> Oz Servers
> >> e: sean.finn at ozservers.com.au
> >> w: http://www.ozservers.com.au
> >> p: 1300 13 89 69
> >> ________________________________
> >> _______________________________________________
> >> AusNOG mailing list
> >> AusNOG at ausnog.net
> >> http://www.ausnog.net/mailman/listinfo/ausnog
> 
> CEO
> Vocus Group Limited
> Level 2, Vocus House
> 189 Miller Street
> North Sydney, NSW 2060
> (m) +61 407 496 866
> (w) +61 2 9959 3913
> 

-- 
- Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support -
- $25/pm entry-level VPSes w/ capped bandwidth charges available in WA -
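
The loop-prevention behaviour discussed in the quoted thread, seen from the receiving side, as an added example that is not part of the original messages: a receiver rejects any path that already contains its own AS, and a transit-side path filter rejects the announcement earlier. The AS numbers are documentation ASNs (RFC 5398), and the four-AS line topology, function names and filter table are constructed for illustration.

```python
from collections import deque

# Constructed topology, documentation ASNs: 64500 - 64501 - 64502 - 64511
LINKS = {64500: [64501], 64501: [64500, 64502],
         64502: [64501, 64511], 64511: [64502]}

def passes_loop_check(local_as, as_path):
    """BGP loop prevention (RFC 4271): reject a path that already contains our AS."""
    return local_as not in as_path

def passes_path_filter(as_path, allowed):
    """Transit-side filter: every AS in the path must be expected on this session."""
    return all(asn in allowed for asn in as_path)

def propagate(links, origin, announced_path, filters=None):
    """Flood one announcement; return {AS: AS_PATH it accepted}.

    filters maps (receiver, sender) to the set of ASNs allowed in paths
    received on that session (hypothetical structure for this example).
    """
    filters = filters or {}
    accepted = {}
    queue = deque((nbr, origin, list(announced_path)) for nbr in links[origin])
    while queue:
        asn, sender, path = queue.popleft()
        if asn == origin or asn in accepted:
            continue
        if not passes_loop_check(asn, path):
            continue  # receiver sees its own AS in the path and drops the route
        allowed = filters.get((asn, sender))
        if allowed is not None and not passes_path_filter(path, allowed):
            continue  # session filter rejects the unexpected AS in the path
        accepted[asn] = path
        for nbr in links[asn]:
            queue.append((nbr, asn, [asn] + path))  # sender prepends its own AS
    return accepted

def demo():
    plain = propagate(LINKS, 64500, [64500])
    with_remote = propagate(LINKS, 64500, [64500, 64511, 64500])
    strict = {(64501, 64500): {64500}}  # transit accepts only the customer's AS
    filtered = propagate(LINKS, 64500, [64500, 64511, 64500], strict)
    return plain, with_remote, filtered

if __name__ == "__main__":
    labels = ("plain", "remote AS in path", "with transit filter")
    for label, result in zip(labels, demo()):
        print(label, result)
```
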
