FYI: RFC 3882 on Configuring BGP to Block Denial-of-Service Attacks
Given recent discussions on blackholing traffic, this may be of interest. - ferg [snip] A new Request for Comments is now available in online RFC libraries. RFC 3882 Title: Configuring BGP to Block Denial-of-Service Attacks Author(s): D. Turk Status: Informational Date: September 2004 Mailbox: doughan.turk@bell.ca Pages: 8 Characters: 19637 Updates/Obsoletes/SeeAlso: None I-D Tag: draft-turk-bgp-dos-07.txt URL: ftp://ftp.rfc-editor.org/in-notes/rfc3882.txt This document describes an operational technique that uses BGP communities to remotely trigger black-holing of a particular destination network to block denial-of-service attacks. Black-holing can be applied on a selection of routers rather than all BGP-speaking routers in the network. The document also describes a sinkhole tunnel technique using BGP communities and tunnels to pull traffic into a sinkhole router for analysis. [snip] -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg@netzero.net or fergdawg@sbcglobal.net
On Sat, 2 Oct 2004, Fergie (Paul Ferguson) wrote:
Given recent discussions on blackholing traffic, this may be of interest.
- ferg
[snip]
A new Request for Comments is now available in online RFC libraries.
RFC 3882
Title: Configuring BGP to Block Denial-of-Service Attacks Author(s): D. Turk Status: Informational Date: September 2004 Mailbox: doughan.turk@bell.ca Pages: 8 Characters: 19637 Updates/Obsoletes/SeeAlso: None
I-D Tag: draft-turk-bgp-dos-07.txt
URL: ftp://ftp.rfc-editor.org/in-notes/rfc3882.txt
This document describes an operational technique that uses BGP communities to remotely trigger black-holing of a particular destination network to block denial-of-service attacks. Black-holing can be applied on a selection of routers rather than all BGP-speaking routers in the network. The document also describes a sinkhole tunnel
This tunneling is 'centertrack' which is patented... Also, tunneling is a dangerous prospect when you get very large amounts of attack traffic.
On Sat, 2 Oct 2004, Christopher L. Morrow wrote:
On Sat, 2 Oct 2004, Fergie (Paul Ferguson) wrote:
Given recent discussions on blackholing traffic, this may be of interest.
communities to remotely trigger black-holing of a particular destination network to block denial-of-service attacks. Black-holing can be applied on a selection of routers rather than all BGP-speaking routers in the network. The document also describes a sinkhole tunnel
This tunneling is 'centertrack' which is patented... Also, tunneling is a dangerous prospect when you get very large amounts of attack traffic.
hrm... unless Robert can send the Patent No. I think I was mistaken, CenterTrack wasn't patented, though I could swear it was... -Chris
participants (2)
-
Christopher L. Morrow
-
Fergie (Paul Ferguson)