[nsp-sec] Recent 20 Gbps microburst DoS attack
Nick Hilliard
nick at inex.ie
Fri Dec 22 12:40:38 EST 2017
J. Chambers wrote:
> The peering was between core-distribution routers. I think what
> happened is the DoS consumed a link and caused a BGP timeout due to
> dropped hello packets.
We've observed that most ddos traffic contains a small % of packets
which are marked with dscp > 48, which will be forwarded with precedence
over network traffic (ospf, bgp, isis, etc). You may want to consider
rewriting dscp on your network ingress points to drop the qos values on
those frames to junk, as you shouldn't really be getting any ingress
traffic marked with that high priority. Obviously, you'll need to be
careful with bgp traffic to your upstreams.
Nick
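
The ingress re-marking suggested in the message above, as an added example that is not part of the original post or any vendor's configuration: it zeroes the DSCP of IPv4 packets arriving in the network-control range and leaves BGP sessions from listed upstream peers untouched. The threshold of 48 (CS6) and above, the peer address and the `build_packet` helper are assumptions of this example, and the sample packets are constructed.

```python
import ipaddress
import struct

# Assumptions of this example (not from the post): DSCP 48 (CS6) and above is
# treated as network control; the peer below is a documentation address.
NETWORK_CONTROL_DSCP = 48
UPSTREAM_BGP_PEERS = {ipaddress.ip_address("192.0.2.1")}
BGP_PORT = 179

def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum; yields 0 over a valid header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def is_upstream_bgp(packet: bytes, ihl: int) -> bool:
    """True for an unfragmented TCP/179 packet sourced from a listed peer."""
    fragment_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    if packet[9] != 6 or fragment_offset or len(packet) < ihl + 4:
        return False  # not TCP, no TCP header in this fragment, or truncated
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    return (ipaddress.ip_address(packet[12:16]) in UPSTREAM_BGP_PEERS
            and BGP_PORT in (sport, dport))

def remark_ingress(packet: bytes) -> bytes:
    """Return the packet as it should be admitted at the network edge."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return packet  # not IPv4: out of scope for this example
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        return packet  # malformed header length
    dscp, ecn = packet[1] >> 2, packet[1] & 0x03
    if dscp < NETWORK_CONTROL_DSCP or is_upstream_bgp(packet, ihl):
        return packet
    out = bytearray(packet)
    out[1] = ecn  # DSCP reset to 0, ECN bits preserved
    out[10:12] = b"\x00\x00"  # zero the checksum field before recomputing
    out[10:12] = struct.pack("!H", ipv4_checksum(bytes(out[:ihl])))
    return bytes(out)

def build_packet(src, dst, dscp, proto, sport, dport, ecn=0) -> bytes:
    """Constructed sample: 20-byte IPv4 header plus source/destination ports."""
    hdr = bytearray(struct.pack(
        "!BBHHHBBH4s4s", 0x45, dscp << 2 | ecn, 24, 0, 0, 64, proto, 0,
        ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed))
    hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(hdr)))
    return bytes(hdr) + struct.pack("!HH", sport, dport)
```

A source-address match is only as trustworthy as the anti-spoofing filtering on the ingress interface, so on real equipment the exemption belongs on the upstream-facing interface itself.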