[c-nsp] Stop IP Fragmentation attack

Satish Patel satish.txt at gmail.com
Tue Apr 26 17:26:07 EDT 2016


Roland,

I don't know much about BGP level routing etc., so I may be confused.
Let me think about it and read what it can do for us. I may send you a
private email for more details if you don't mind.



On Tue, Apr 26, 2016 at 4:59 PM, Roland Dobbins <rdobbins at arbor.net> wrote:
> On 27 Apr 2016, at 3:33, Satish Patel wrote:
>
>> 1. Does S/RTBH require BGP right?
>> 2. To run BGP requirement is you have to be /24 class network right?
>> (we are very small company)
>
>
> As I already explained, the BGP triggering mechanism for S/RTBH and for
> flowspec (if your platform supports it) has *nothing to do with routing*, it
> is simply a control-plane trigger mechanism, in this context.  It has
> *nothing to do with your upstream transit provider*.  You can *do it locally
> on your own transit edge router*.
>
> Read and absorb this .pdf preso:
>
> <https://app.box.com/s/xznjloitly2apixr5xge>
>
>> 3. DDoS has many many source IP address (spoofed) It's hard to block
>
>
> You said that you were mainly suffering from UDP reflection/amplification
> attacks.  As I stated in a previous response in this thread, those sources
> are *not* spoofed, from your perspective.  Please read and absorb this .pdf
> preso:
>
> <https://app.box.com/s/r7an1moswtc7ce58f8gg>
>
>> Source when million IP attacks, right?
>
>
> You don't generally see a million IP addresses in UDP
> reflection/amplification attacks.  The good thing about the combination of
> flow telemetry and S/RTBH are a) that you can tabulate the sources and b)
> that S/RTBH scales up to the FIB limit of your router.
>
> I mitigate DDoS attacks for a living, FYI.  It might be a good idea to read
> and absorb what I write and read and absorb the presos I post and the links
> I post, because it sounds as if you can benefit from this information.
>
>
> -----------------------------------
> Roland Dobbins <rdobbins at arbor.net>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
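The workflow Roland's quoted reply describes (use flow telemetry to tabulate the reflection/amplification sources, then push them into S/RTBH, whose capacity is bounded only by the edge router's FIB) as an added Python example; this is not code from the thread or from either poster. The flow records are constructed, the reflection-port list and the `fib_budget` / `min_bytes` parameters are assumptions, and the trigger-route lines assume the common IOS-style S/RTBH layout (a tagged static route to Null0 on a trigger router, redistributed into iBGP with a route-map that rewrites the next hop to a black-hole address, with loose-mode uRPF on the transit edge dropping packets from those sources).

```python
"""Tabulate attack sources from flow telemetry and emit S/RTBH trigger routes.

Added example, not code from the thread. The flow records are constructed;
the trigger syntax assumes a Cisco IOS-style trigger router where a tagged
static route to Null0 is redistributed into iBGP and a route-map sets the
black-hole next hop (the standard S/RTBH arrangement).
"""
from collections import defaultdict
from ipaddress import ip_address

# UDP source ports commonly abused for reflection/amplification (assumed list).
REFLECTION_PORTS = {17, 19, 53, 123, 161, 1900, 11211}

# Constructed flow records: (src_ip, src_port, dst_ip, dst_port, proto, bytes)
# Proto 17 is UDP, proto 6 is TCP.  Addresses are documentation ranges.
FLOWS = [
    ("198.51.100.10", 123, "203.0.113.5", 41000, 17, 9_000_000),
    ("198.51.100.10", 123, "203.0.113.5", 41001, 17, 8_500_000),
    ("198.51.100.22", 53, "203.0.113.5", 53211, 17, 6_200_000),
    ("198.51.100.40", 1900, "203.0.113.5", 61000, 17, 4_100_000),
    ("198.51.100.77", 11211, "203.0.113.5", 35000, 17, 12_000_000),
    ("192.0.2.9", 443, "203.0.113.5", 50123, 6, 45_000),   # legitimate TCP
    ("192.0.2.15", 53, "203.0.113.5", 40512, 17, 2_000),   # ordinary DNS reply
]


def tabulate_sources(flows, victim, min_bytes=1_000_000):
    """Return {src_ip: total_bytes} for UDP flows toward `victim` whose
    source port is a known reflector port and whose aggregate volume
    reaches `min_bytes`.  Reflector sources are real addresses (not
    spoofed, from the victim's point of view), so they can be blocked."""
    totals = defaultdict(int)
    for src, sport, dst, dport, proto, nbytes in flows:
        if dst != victim or proto != 17 or sport not in REFLECTION_PORTS:
            continue
        totals[src] += nbytes
    return {src: b for src, b in totals.items() if b >= min_bytes}


def select_for_blackhole(totals, fib_budget):
    """Rank sources by volume and keep at most `fib_budget` entries, so the
    number of /32s pushed never exceeds what the edge FIB can hold."""
    ranked = sorted(totals.items(), key=lambda kv: kv[1], reverse=True)
    return [src for src, _ in ranked[:fib_budget]]


def trigger_routes(sources, tag=666):
    """Render trigger-router static routes (assumed IOS syntax).

    Each /32 toward Null0 carries a tag; the redistribution route-map
    matches that tag and sets the next hop to the black-hole address,
    and loose-mode uRPF on the edge then drops packets *from* these
    sources.  Only the control plane is involved; no upstream is needed.
    """
    lines = []
    for src in sources:
        ip_address(src)  # raises ValueError on malformed input
        lines.append(f"ip route {src} 255.255.255.255 Null0 tag {tag}")
    return lines


if __name__ == "__main__":
    totals = tabulate_sources(FLOWS, "203.0.113.5")
    picked = select_for_blackhole(totals, fib_budget=3)
    print("\n".join(trigger_routes(picked)))
```

With the constructed records the TCP flow and the low-volume DNS reply are excluded, four reflector sources remain, and a FIB budget of three keeps the top three by volume. In practice the budget would come from the platform's documented FIB capacity, and the generated routes would be removed once telemetry shows the sources have gone quiet.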
