North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
RE: UUNet Offer New Protection Against DDoS
- From: Lumenello, Jason
- Date: Wed Mar 03 16:24:34 2004
XO set up a similar customer community last year for our customers to
trigger their own black hole at our edge. There is no such thing as an
original idea. :) This "promised response" probably means if you press 3
on your phone, you will get a CSR to open a ticket within 15 minutes.
Sounds like nice marketing.
> -----Original Message-----
> From: firstname.lastname@example.org [mailto:email@example.com] On Behalf
> Stephen Perciballi
> Sent: Wednesday, March 03, 2004 12:25 PM
> To: Andy Ellifson
> Cc: firstname.lastname@example.org
> Subject: Re: UUNet Offer New Protection Against DDoS
> To the best of my knowledge, MCI/UUNET ~was~ the first to implement
> been using it for well over a year now.
> The community is 701:9999. Any route you tag with that community gets
> accross the entire 701 edge. Feel free to contact support and tell
> want to setup the blackhole community if you are having any troubles.
> [Wed, Mar 03, 2004 at 08:34:00AM -0800]
> Andy Ellifson Inscribed these words...
> > When I first saw this post I thought that MCI/UU.Net implemented
> > BGP community strings like CW implemented a month ago. If only all
> > upstreams would have this type of BGP Community string my life would
> > easier. Here is the customer release letter from from CW dated
> > 2004:
> > Dear Customer,
> > If you have received this email, you are either a direct customer of
> > AS3561, (i.e. you have registered a route object for a customer of
> > or are listed in the maintainer of a customer of AS3561.
> > AS3561 has implemented a blackhole/DDoS community string based
> > aid customers in the mitigation of DoS attacks. If you are currently
> > BGP with us, you will be able to use this feature.
> > If you advertise a prefix (route) to us with the community string
> > 3561:666, we will NULL route or 'blackhole' all traffic destined to
> > prefix. The prefixes accepted are based on the current prefix-list
> > for you. Instead of doing exact match filtering, we will accept any
> > (more "specific") within your address block(s). e.g. if you have
> > 192.168.0.0/16 registered, we will accept 192.168.0.0/16 upto /32 as
> long as
> > the 3561:666 community string is attached.
> > Please ensure you are configured to send community strings and
> > the impact of errant advertisements. Diligence should be used when
> > administrating this feature. Once the prefix is received and
> > within AS3561, all traffic destined to the prefix will be discarded
> > blackholing of traffic will continue as long as DDoS community
> > being advertised. Neither Cable & Wireless nor AS3561 will be held
> > or responsible for customers who errantly advertise prefixes with
> > blackhole community string.
> > If you wish to utilize this feature, you can verify our acceptance
> > advertised prefix by querying the AS3561 route server located at
> > http://lg.cw.net.
> > Please remember, we require you to complete a priority one incident
> > at http://www.security.cw.net (Report an Incident) and include
> of the
> > attack. An email describing further details of the attack can be
> > email@example.com, please include the incident report number in the
> subject to
> > assist in the tracking and documentation of the incident. This will
> > the attack is properly administrated handled by our Security and
> > Groups.
> > --- John Obi <firstname.lastname@example.org> wrote:
> > > Hello Nanogers!
> > >
> > > I'm happy to see this, and I hope C&W, Verio, and Level3 ..etc
> > > same!
> > >
> > > MCI/WorldCom Monday unveiled a new service level agreement (SLA)
> help IP
> > > services customers thwart and defend against Internet viruses and
> > >
> > > http://informationweek.securitypipeline.com/news/18201396
> > >
> > > It's the right time before it's too late!
> > >
> > > Regards,
> > >
> > > -J
> > >
> > >
> > > ---------------------------------
> > > Do you Yahoo!?
> > > Yahoo! Search - Find what you're looking for faster.
> Stephen (routerg)