On Wed, 1 May 2002, Wojtek Zlobicki wrote:
> What processes and/or tools are large networks using to identify and limit the impact of DDoS attacks?
> A great deal of thought is being expended on this question, I am certain; however, how many of these thought campaigns have borne significant fruit yet, I do not know.
> How about the following:
> We develop a new community, being fully transitive (666 would be appropriate) and either build into router code or create a route map to null route anything that contains this community. The effect of this being the distribution of the force of the attack.
How about no. How about you do this inside YOUR network, perhaps get an agreement with your peers to accept a /32 route from you and you can do it with your peers also in times of need... There is something ominous about 'automagically propagating' a blackhole route.
1) I hack connected ISP X
2) I inject www.ebay.com /32 blackhole route
3) no more ebay
I use ebay as an example of course, I wouldn't want them harmed cause how would I be able to buy all that nice routing gear at bargain basement prices without them? :)
> This aside, how effective would be using a no export community with one's peers (being non transitive, it would still distribute the force of the attack)?
For YOUR PEERS this is a fine idea, provided this fits with your peer's edge policies and doesn't step on his already-used community.
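The peer-agreed variant the reply endorses, written out as an added Cisco IOS configuration example that is not part of this thread: a router accepts a blackhole /32 from one peer only when it carries the agreed community AND falls inside that peer's own address space, then null-routes it locally and pins it with no-export so it never propagates further. All addresses, ASNs and the community value 64496:666 are assumed documentation values.

```cisco
! Discard next hop: anything pointed here is dropped locally
ip route 192.0.2.1 255.255.255.255 Null0

ip bgp-community new-format
! Blackhole community agreed with peer AS 64496 (assumed value;
! confirm it does not collide with a community the peer already uses)
ip community-list standard PEER-X-BLACKHOLE permit 64496:666

! Address space the peer is allowed to blackhole: only /32s inside
! its own (constructed) block, so a /32 for someone else's host is refused
ip prefix-list PEER-X-SPACE seq 5 permit 203.0.113.0/24 ge 32

route-map FROM-PEER-X permit 10
 ! Accept the blackhole only if BOTH the community and prefix checks pass
 match community PEER-X-BLACKHOLE
 match ip address prefix-list PEER-X-SPACE
 set ip next-hop 192.0.2.1
 ! Keep the /32 inside this AS regardless of what the peer sent
 set community no-export
 set local-preference 200
route-map FROM-PEER-X deny 20
 ! Any other route carrying the blackhole community is dropped, never routed
 match community PEER-X-BLACKHOLE
route-map FROM-PEER-X permit 30
 ! Ordinary routes from the peer continue through the normal policy

router bgp 64500
 neighbor 198.51.100.1 remote-as 64496
 neighbor 198.51.100.1 route-map FROM-PEER-X in
```

The prefix-list is the control that answers the "inject www.ebay.com /32" scenario: a blackhole tagged with the right community but outside the peer's space hits clause 20 and is discarded rather than installed.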