Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: UUNet Offer New Protection Against DDoS

  • From: Andy Ellifson
  • Date: Wed Mar 03 11:40:04 2004

When I first saw this post I thought that MCI/UU.Net implemented some DDOS
BGP community strings like CW implemented a month ago.  If only all of my
upstreams would have this type of BGP Community string my life would be made
easier.  Here is the customer release letter from from CW dated Januray 23,
2004:

Dear Customer, 

If you have received this email, you are either a direct customer of 
AS3561, (i.e. you have registered a route object for a customer of AS3561), 
or are listed in the maintainer of a customer of AS3561. 

AS3561 has implemented a blackhole/DDoS community string based solution to 
aid customers in the mitigation of DoS attacks. If you are currently running 
BGP with us, you will be able to use this feature. 

If you advertise a prefix (route) to us with the community string 
3561:666, we will NULL route or 'blackhole' all traffic destined to that 
prefix. The prefixes accepted are based on the current prefix-list generated 
for you. Instead of doing exact match filtering, we will accept any prefix 
(more "specific") within your address block(s). e.g. if you have 
192.168.0.0/16 registered, we will accept 192.168.0.0/16 upto /32 as long as 
the 3561:666 community string is attached. 

Please ensure you are configured to send community strings and understand 
the impact of errant advertisements. Diligence should be used when 
administrating this feature. Once the prefix is received and propagated 
within AS3561, all traffic destined to the prefix will be discarded and the 
blackholing of traffic will continue as long as DDoS community string is 
being advertised. Neither Cable & Wireless nor AS3561 will be held liable 
or responsible for customers who errantly advertise prefixes with the 
blackhole community string. 

If you wish to utilize this feature, you can verify our acceptance of the 
advertised prefix by querying the AS3561 route server located at 
http://lg.cw.net. 

Please remember, we require you to complete a priority one incident report 
at http://www.security.cw.net (Report an Incident) and include details of the

attack. An email describing further details of the attack can be sent to 
security@cw.net, please include the incident report number in the subject to 
assist in the tracking and documentation of the incident. This will ensure 
the attack is properly administrated handled by our Security and Legal 
Groups. 



--- John Obi <dalnetuzer@yahoo.com> wrote:
> Hello Nanogers!
>  
> I'm happy to see this, and I hope C&W, Verio, and Level3 ..etc will do the
> same!
>  
> MCI/WorldCom Monday unveiled a new service level agreement (SLA) to help IP
> services customers thwart and defend against Internet viruses and threats. 
>  
> http://informationweek.securitypipeline.com/news/18201396
>  
> It's the right time before it's too late!
>  
> Regards,
>  
> -J
> 
> 
> ---------------------------------
> Do you Yahoo!?
> Yahoo! Search - Find what you’re looking for faster.





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.