[AusNOG] DDoS Attacks - Painful and Persistent.

Nick Brown nick at inticon.net.au
Mon Aug 10 17:20:28 EST 2009


Roland Dobbins wrote:
> Using private addresses for your links is a Really Bad Idea for many  
> reasons, like breaking traceroute - again, iACLs, GTSM and CoPP are
> the relevant BCPs in this context.
>
>   
Fair enough. You can see more and more carriers who are using private
addresses on their links, however, and sometimes implementing best
practice isn't up there on the list when you are in a hurry.
>
> From where in the topology was the capture made?  Again, one doesn't  
> typically see 8K packets outside of IDCs with jumbo-frame support.  If
> you'll enable NetFlow on your edges, you'll be able to instantly  
> traceback the traffic in order to see where it's originating.  It  
> would be quite surprising to see 8K packets making it into your  
> network from an upstream or peer.
>
>   
The capture is taken from the interface of ingress from the upstream who 
had the prefix at the time. This can be further reinforced by looking at 
the information from carriers who are bringing the traffic into us, 
including one upstream carrier who had a significant failure of their 
own under the load of this attack.

Cheers
Nick.


