[c-nsp] Modern BGP peering border router and DDoS attack defense recommendations?
Rodney Dunn
rodunn at cisco.com
Thu Jun 9 19:54:57 EDT 2005
On Thu, Jun 09, 2005 at 04:00:05PM -0600, james edwards wrote:
> > On (09/06/05 11:53), Sam Crooks wrote:
> > >
> > > I understand the issues with access port speed. The app needs maybe 2
> > > T1.. I am trying to get a feel for the minimum access port speed to
> > > not fall over from a trivial DDoS attack
> >
> > a few owned hosts connected to cable/dsl can kill a t1 or two. if
> > someone wants to take you down, short of having an oc192/10gig uplink,
> > they will probably succeed - in the past week some friends have seen
> > several ddos attacks of 1-4Gbps...point being, it is really really hard
> > to get a connection big enough to stand up. knowing how to get in touch
> > with your isp and having a clueful provider who can help you mitigate it
> > are more effective, and a lot less expensive.
>
> I think money and time are better spent on systems and procedures to quickly
> identify a DoS/DDoS and its characteristics than provisioning excess bandwidth
> to carry you through an attack. With specific information a good upstream
> provider can mitigate a DoS/DDoS; I would not expect an upstream provider to
> do this research. At the very least you will get a much quicker response if
> you can ask for specific ports or IPs to be null routed or rate limited.
>
> Based on past experiences with upstream providers with Cisco based networks,
> we no longer buy transit from these providers as (again based on past
> experience) their attempts to mitigate attacks render their networks or our
> connection worse off than the attack itself. Providers with significant
> OC-x connectivity and Juniper routers that allow us to advertise customer
> activated null routes get our money.
Can you elaborate?
ie: What hardware did they use?
How did they try to mitigate the attack?
> James H. Edwards
> Routing and Security Administrator
> At the Santa Fe Office: Internet at Cyber Mesa
> jamesh at cybermesa.com noc at cybermesa.com
> http://www.cybermesa.com/ContactCM
> (505) 795-7101
>
>
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/