[AusNOG] DDOS mitigation
Phillip Grasso
phillip.grasso at gmail.com
Sun May 12 09:21:53 EST 2013
My pessimistic 2 cents.

Attack volumes should continue to grow proportionally with defensive
capability; the capability would reduce to fewer possible attackers (fewer
script kiddies, more large-scale professional botnets and state-sponsored
ops). 40-100G attacks happen now for big targets, but my guess is it will be
commonplace for the rest of the market in the near future. The bigger risk is
how this affects the second / third tier service providers not able to protect
themselves from these types of attacks, and what "protection" costs would be
required from upstream providers. Already some large providers charge for
"DDoS protection".

Capacity-based DDoS attacks obviously can hurt, but it's well known and
mostly can be overcome with some filtering, blackholing etc. There are
other vectors that are of increasingly growing concern, e.g. Roland's prior
AusNOG talk (where firewalls fall over). Infrastructure weakness attacks can
have a greater impact for a more sustained period: attacking specific
weaknesses in BGP or TCP stacks, or exceeding forwarding rates on devices (not
capacity).

On another note:

There's a possible huge economic and market cost here; it "may" mean that
smaller players have a harder time operating against the larger operators
that can provide protections at scale. It requires players to have a
significantly greater amount of network capacity (or infrastructure
hardware capacity than needed). A large player can do with less of this and
overall percentage of headroom may be minimal. It would be really hard for
smaller operators to exist in the market without clear 'protection' from
larger operators / upstreams.

On Fri, May 10, 2013 at 11:18 PM, James Braunegg <
james.braunegg at micron21.com> wrote:
> Dear Roland
>
> Nice feature.... back to school I must go ;)
>
> Kindest Regards
>
> James Braunegg
> W: 1300 769 972 | M: 0488 997 207 | D: (03) 9751 7616
> E: james.braunegg at micron21.com | ABN: 12 109 977 666
>
>
> -----Original Message-----
> From: ausnog-bounces at lists.ausnog.net [mailto:
> ausnog-bounces at lists.ausnog.net] On Behalf Of Dobbins, Roland
> Sent: Friday, May 10, 2013 11:13 PM
> To: ausnog at lists.ausnog.net
> Subject: Re: [AusNOG] DDOS mitigation
>
>
> On May 10, 2013, at 7:51 PM, James Braunegg wrote:
>
> > Have you had enough capacity to be able to absorb attacks thus collect
> metrics or have the attacks been larger than your capacity and hence
> requiring the need for S/RTBH thus losing the ability to measure the true
> size of the attack ?
>
> S/RTBH doesn't in and of itself take away one's visibility into traffic on
> platforms with decent flow telemetry support - dropped traffic is still
> tabulated, with the destination ifindex set to 0.
>
> Notable exceptions are pre-Sup2T Cisco 6500s/7600s, & pre-Sup7 Cisco 4500s.
>
> -----------------------------------------------------------------------
> Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
>
> Luck is the residue of opportunity and design.
>
> -- John Milton
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
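
The point made in the quoted reply, that flows dropped by S/RTBH are still exported with a destination ifindex of 0, can be used to keep measuring an attack while it is being blackholed. The following is an added example, not part of the original thread, run over constructed flow records; the CSV column names, the addresses and the `sampling` parameter are assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed flow records (not real traffic). Column names are assumptions
# for this example; out_if is the destination ifindex from the flow export.
SAMPLE_FLOWS = """\
start_s,end_s,src,dst,in_if,out_if,bytes
0,60,198.51.100.7,203.0.113.10,12,0,750000000
0,60,198.51.100.9,203.0.113.10,12,0,1500000000
0,60,192.0.2.44,203.0.113.10,14,21,30000000
0,60,192.0.2.45,203.0.113.20,14,22,60000000
60,120,198.51.100.7,203.0.113.10,12,0,3000000000
60,120,192.0.2.44,203.0.113.10,14,21,15000000
"""

def summarize(flow_csv, bucket_s=60, sampling=1):
    """Per (time bucket, destination): dropped vs forwarded bits per second.

    A flow counts as dropped when its destination ifindex is 0. Each flow is
    assigned to the bucket of its start time (a simplification). For sampled
    flow export, pass the 1-in-N rate as `sampling` to scale byte counts.
    """
    acc = defaultdict(lambda: {"dropped": 0, "forwarded": 0, "sources": set()})
    for row in csv.DictReader(io.StringIO(flow_csv)):
        bucket = int(row["start_s"]) // bucket_s * bucket_s
        entry = acc[(bucket, row["dst"])]
        octets = int(row["bytes"]) * sampling
        if int(row["out_if"]) == 0:
            entry["dropped"] += octets
            entry["sources"].add(row["src"])
        else:
            entry["forwarded"] += octets
    return {key: {"dropped_bps": e["dropped"] * 8 // bucket_s,
                  "forwarded_bps": e["forwarded"] * 8 // bucket_s,
                  "dropped_sources": len(e["sources"])}
            for key, e in acc.items()}

def peak_dropped(summary, dst):
    """Return (bucket_start, bps) of the largest dropped rate seen for dst."""
    rates = [(v["dropped_bps"], b) for (b, d), v in summary.items() if d == dst]
    if not rates:
        return None
    bps, bucket = max(rates)
    return bucket, bps

if __name__ == "__main__":
    report = summarize(SAMPLE_FLOWS)
    for (bucket, dst), v in sorted(report.items()):
        print(bucket, dst, v)
    print("peak dropped:", peak_dropped(report, "203.0.113.10"))
```

On platforms that do not tabulate dropped traffic (the exceptions named in the reply), the dropped columns stay at zero and the attack size has to be measured some other way.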