Merit Network
 Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives
North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: engineering --> ddos and flooding

  • From: Mark Mentovai
  • Date: Fri Jun 01 14:44:48 2001 
Walter Prue wrote:
>I came up with a solution for networks with ISP connections to deal
>quickly with DDOS attacks without having to be able to work with a
>network technician at the ISP for immediate relief.  If the ISP agrees,
>install a second low speed connection to the same router your primary
>router BGP peers with.  Through this low speed connection you run a
>second bgp session advertising the /32 that is being attacked by the
>DDOS.  You mark the /32 as NO-ADVERTISE so the route doesn't leave the
>border router.

Or, without adding an extra connection, negotiate a NULLROUTE community with
your upstream provider.  This would be a wonderful addition to the
well-known BGP communities.  I'll bring this up on IDR.

Mark


Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.