[nsp-sec] Recent 20 Gbps microburst DoS attack
Roland Dobbins
rdobbins at arbor.net
Fri Dec 22 01:04:09 EST 2017
On 22 Dec 2017, at 8:47, J. Chambers wrote:
> This caused one of our iBGP sessions to flap, even with CoPP deployed.
> (maybe this can be tuned more)
Both you and your upstream transit providers should have iACLs deployed,
which pretty much obviates the need for CoPP, and is much simpler to
maintain. iBGP session from internal core-type router to transit edge
router, or . . . ?
Since you're an endpoint network, there may well be tACLs you can deploy
which would help, as well (the standard university nonsense about not
being able to filter traffic because of 'academic freedom' is, of
course, nonsense; hopefully, you aren't subject to such pressures from
the uninformed, heh).
What were the targets of the attack? Network infrastructure devices, or
. . . ?
-----------------------------------
Roland Dobbins <rdobbins at arbor.net>
More information about the nsp-security
mailing list