[c-nsp] Stop IP Fragmentation attck
Job Snijders
job at instituut.net
Tue Apr 26 15:13:18 EDT 2016
On Tue, Apr 26, 2016 at 08:04:23PM +0100, Howard Jones wrote:
> On 26/04/2016 19:24, Job Snijders wrote:
> > FastNetMon: https://github.com/pavel-odintsov/fastnetmon
> > Here is a presentation about one deployment: https://www.youtube.com/watch?v=0ahdxp_btHY
> >
> >
> Nice presentation! :-) Does your upstream transit care about you
> announcing and withdrawing every 57 seconds like that?
Speaking with my employers hat on: nope, an update per minute is
perfectly acceptable. If you'd do multiple per _second_, it might be
more reason for concern.
There are a few providers that support selective blackholing:
https://www.us.ntt.net/support/policy/routing.cfm#blackhole
http://as286.net/AS286-erBH.html
https://portal.hibernianetworks.com/public/communities
There could be others, I do not have a full overview.
Kind regards,
Job
More information about the cisco-nsp
mailing list