Re: attacking DDOS using BGP communities?
On (2002-10-18 04:13 -0400), John Fraizer wrote:
> You receive a prefix with the communities 1111:1 2222:2 3333:3 and TTL-COMM:2. You need to decrement the TTL-COMM value while leaving the other 3 communities unchanged.
Yes, this would need a change in IOS/JunOS, but it wouldn't actually be hard to code this feature. But I still think it would be beneficial if green elves would configure it as a non-additive change on all routers globally. Yes, you couldn't use it for offering partial visibility, since it would most probably break a few things here and there, but it would increase your chances of finding out which AS# is/are originating the attack. I'm just waiting for the green elves. But in the meantime, would anyone configure decrementing of TTL-COMM if JunOS and IOS magically started to support such a feature, in the hope of eventually reaching coverage large enough to actually do any good?
> Unless *ALL* vendors change their code to compare AS-PATH length for prefixes against the TTL-COMM value, decrementing the value as the route is passed from peer to peer is the only way to make this work that I can think of. Doing that without nixing the other communities that may need to be passed as well becomes a serious challenge.
Yes, it's quite optimistic and naive to think such consensus could be achieved when much more modest changes that would require global co-operation never happen.
> Heck, the route-map to do this without regard for other communities would still be pretty hairy.
> Am I missing something here?
No, thanks for the comments.
--
++ytti
Participants: Saku Ytti
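The two enforcement strategies the quoted mail contrasts, modelled in Python as an added example (this is not code from the thread, and neither IOS nor JunOS offered either behaviour): a per-hop decrement of the TTL community that leaves every other community untouched, and the alternative of comparing AS_PATH length against the community value without rewriting anything. `TTL_ASN` is an assumed placeholder for the ASN that would own "TTL-COMM", and the stop-at-zero semantics are an assumption of the example.

```python
# Added example: a model of the "community TTL" idea discussed in the thread.
# TTL_ASN stands in for the thread's "TTL-COMM" (assumption); the rule that a
# route whose TTL would reach zero is accepted but not re-advertised is an
# assumption as well.

TTL_ASN = 65535  # assumption: placeholder ASN for the TTL community


def parse_community(community):
    """Split an 'ASN:value' community string into two integers."""
    asn, value = community.split(":")
    return int(asn), int(value)


def decrement_ttl(communities, ttl_asn=TTL_ASN):
    """Per-hop decrement, applied when exporting the route to the next AS.

    Returns (propagate, new_communities).  Every community not owned by
    ttl_asn is copied through unchanged; TTL-COMM:n becomes TTL-COMM:n-1.
    If the TTL would hit zero the route is not propagated further
    (propagate is False).  A route without a TTL community is passed on as-is.
    This is the part that needs vendor support, because no route-map can
    rewrite one community's value while leaving the others alone.
    """
    propagate = True
    rewritten = []
    for community in communities:
        asn, value = parse_community(community)
        if asn != ttl_asn:
            rewritten.append(community)
        elif value > 1:
            rewritten.append(f"{asn}:{value - 1}")
        else:
            propagate = False  # this router is the last hop allowed
    return propagate, rewritten


def within_ttl(as_path, communities, ttl_asn=TTL_ASN):
    """AS_PATH-length variant, applied on import.

    Accept the route only if the number of ASes already in AS_PATH does not
    exceed the TTL value.  Communities are never modified, which is exactly
    why it only works if every vendor implements the same comparison.
    """
    for community in communities:
        asn, value = parse_community(community)
        if asn == ttl_asn and len(as_path) > value:
            return False
    return True


if __name__ == "__main__":
    # Constructed sample: the route from the quoted mail, with TTL-COMM:2
    # spelled using the placeholder ASN.
    received = ["1111:1", "2222:2", "3333:3", f"{TTL_ASN}:2"]
    print(decrement_ttl(received))                          # TTL 2 -> 1, others kept
    print(within_ttl([64500, 64501], received))             # two ASes: accepted
    print(within_ttl([64500, 64501, 64502], received))      # three ASes: rejected
```

The two functions agree with each other: an originator setting TTL 2 reaches its direct neighbours and their neighbours under the decrement scheme, and a route whose AS_PATH has grown to three ASes is rejected under the comparison scheme, so either gives the same two-hop visibility.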