A use case for a longer prefix with the same nexthop:

      F
     / \
    D   E
    |   |
    B   C
     \ /
      A

Suppose A is a customer of B and C.
B has a large address space: 10.1.0.0/16.
B allocates a subset to A: 10.1.1.0/24.
B advertises the longer prefix to its backup provider C.
C propagates it to E and then to F.
B MUST advertise both 10.1.0.0/16 and 10.1.1.0/24 to D.
D MUST propagate both of them to F.
Otherwise, if F only receives 10.1.0.0/16 from D, then
F will have the longer match 10.1.1.0/24 to E,
but E is only the backup route.
Thanks,
Jakob.
> -----Original Message-----
> Date: Fri, 29 Apr 2016 08:17:41 -0400
> From: Alain Hebert <ahebert(a)pubnix.net>
> To: "'NANOG list'" <nanog(a)nanog.org>
> Subject: Friday's Random Comment - About: Arista and FIB/RIB's
> Message-ID: <00ea292f-e779-25ad-ce89-eae897e9516d(a)pubnix.net>
> Content-Type: text/plain; charset=utf-8
>
> While following that Arista chat... That reminded me of that little
> afternoon project years ago.
>
> So I decided to find new hamsters, fire up that VM, refresh the DB's and
> from the view point of a tiny 7206VXR/G1 with 2 T3 peers...
>
> The amount of superfluous subnet advertisements dropped to ~120k from
> ~166k from the previous snapshot.
>
> And this is the distribution by country.
>
>       country       | superfluous
>  --------------------+-------------
>  United States       |       28254
>  Brazil              |       10012
>  China               |        7537
>  India               |        6449
>  Russian Federation  |        4524
>  Korea, Republic of  |        4062
>  Saudi Arabia        |        3297
>  Australia           |        2989
>  Indonesia           |        2878
>  Hong Kong           |        2251
>  Thailand            |        2093
>  Canada              |        2019
>  Taiwan              |        1955
>  Ukraine             |        1877
>  Singapore           |        1856
>  Bulgaria            |        1488
>  Argentina           |        1436
>  Japan               |        1403
>  Mexico              |        1351
>  Chile               |        1271
>
> (Damn Canada, can't break top 10 again).
>
> PS: "Superfluous" is a nice way to say that the best path of a
> subnet is the same as its supernet. And yes, I'm aware of the Weekly
> Routing Report, I was just curious to see it by country =D.
>
> -----
> Alain Hebert ahebert(a)pubnix.net
> PubNIX Inc.
> 50 boul. St-Charles
> P.O. Box 26770 Beaconsfield, Quebec H9W 6G7
> Tel: 514-990-5911 http://www.pubnix.net Fax: 514-990-9443
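
Added example (not part of the original messages): a small Python model of router F's table in the topology above. It applies the "superfluous" test from the quoted message (a subnet whose best path matches its supernet's) and shows what longest-prefix match does when D stops propagating the /24. The local-preference numbers are assumptions used only to make D primary and E backup.

```python
import ipaddress

def best_routes(adverts):
    """Pick one next hop per prefix: the highest local preference wins."""
    best = {}
    for prefix, next_hop, pref in adverts:
        net = ipaddress.ip_network(prefix)
        if net not in best or pref > best[net][1]:
            best[net] = (next_hop, pref)
    return {net: hop for net, (hop, _) in best.items()}

def lookup(fib, addr):
    """Longest-prefix match: the most specific covering prefix decides."""
    ip = ipaddress.ip_address(addr)
    matches = [n for n in fib if ip.version == n.version and ip in n]
    if not matches:
        return None
    return fib[max(matches, key=lambda n: n.prefixlen)]

def superfluous(fib):
    """Prefixes whose next hop equals that of their closest covering supernet."""
    found = []
    for net, hop in fib.items():
        covers = [s for s in fib
                  if s.version == net.version
                  and s.prefixlen < net.prefixlen and net.subnet_of(s)]
        if covers and fib[max(covers, key=lambda s: s.prefixlen)] == hop:
            found.append(str(net))
    return sorted(found)

# Constructed adverts as seen by F: (prefix, neighbor, assumed local-pref).
# D is the primary path (200), E the backup path (100).
D_SENDS_BOTH = [("10.1.0.0/16", "D", 200),
                ("10.1.1.0/24", "D", 200),
                ("10.1.1.0/24", "E", 100)]
D_SENDS_AGGREGATE_ONLY = [("10.1.0.0/16", "D", 200),
                          ("10.1.1.0/24", "E", 100)]

if __name__ == "__main__":
    for name, adverts in (("both", D_SENDS_BOTH),
                          ("aggregate only", D_SENDS_AGGREGATE_ONLY)):
        fib = best_routes(adverts)
        print(name, "-> 10.1.1.5 via", lookup(fib, "10.1.1.5"),
              "| superfluous:", superfluous(fib))
```

With both prefixes from D, F flags 10.1.1.0/24 as superfluous yet forwards A's traffic via D; once D sends only the /16, nothing is flagged and A's traffic follows the /24 to E.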
Hi
Amplification attacks and SYN floods are just touching the surface of DDoS attack vectors. You should look into some industry reports:
Here are a couple examples to get you started.
https://www.radware.com/ert-report-2015/
http://www.verizonenterprise.com/verizon-insights-lab/dbir/2016/
-------- Original message --------
From: Martin Bacher <ti14m028(a)technikum-wien.at>
Date: 4/29/2016 2:02 AM (GMT-08:00)
To: Tyler Haske <tyler.haske(a)gmail.com>
Cc: NANOG list <nanog(a)nanog.org>
Subject: Re: BGP FlowSpec
Hello Tyler,
thanks for your reply.
> On 28.04.2016 at 17:37, Tyler Haske <tyler.haske(a)gmail.com> wrote:
>
> Martin,
>
>
> > Last but not least: I am also looking for anonymized statistical data about DDoS attacks which I could use in the thesis. I am mainly interested in data about the
> > type of attacks, attack time, sources, source and destination ports, and so on. I know this something which is generally not shared, so I would really appreciate it if
> > someone would be able to share such data.
>
> Many companies are extremely reluctant to share their attack data. But that's OK, because there are other ways to get it.
>
> Have you investigated backscatter analysis? It's used to see ongoing and current Internet scope DDoS attacks.
I just had a look at that and thought that it is only able to detect some of the attacks. You might not detect large state-of-the-art reflection and amplification attacks with that method. But I think it is useful for some sorts of attacks like SYN floods. Do you agree?
>
> Inferring Internet Denial of Service Activity
> https://cseweb.ucsd.edu/~savage/papers/UsenixSec01.pdf
>
> Analyzing Large DDoS Attacks Using Multiple Data Sources
> https://www.cs.utah.edu/~kobus/docs/ddos.lsad.pdf
>
> ISP Security - Real World Techniques
> https://www.nanog.org/meetings/nanog23/presentations/greene.ppt
>
> A Summary of DoS/DDoS Prevention, Monitoring and Mitigation Techniques in a Service Provider Environment
> https://www.sans.org/reading-room/whitepapers/intrusion/summary-dos-ddos-pr…
>
> Maybe you have access to some public IPs, then you can do this data collection yourself.
Sure, I will definitely think about that.
Thanks again for your reply and for providing the links.
Greetings,
Martin
>
> Regards,
>
> Tyler
>