[nsp-sec] Recent 20 Gbps microburst DoS attack
Barry Greene
bgreene at senki.org
Fri Dec 22 12:53:18 EST 2017
Hi Team,
> J. Chambers wrote:
>> The peering was between core-distribution routers. I think what
>> happened is the DoS consumed a link and caused a BGP timeout due to
>> dropped hello packets.
>
> we've observed that most ddos traffic contains a small % of packets
> which are marked with dscp > 48, which will be forwarded with precedence
> over network traffic (ospf, bgp, isis, etc). You may want to consider
> rewriting dscp on your network ingress points to drop the qos values on
> those frames to junk, as you shouldn't really be getting any ingress
> traffic marked with that high priority. Obviously, you'll need to be
> careful with bgp traffic to your upstreams.
Is it time to consider recoloring (setting the DSCP) on the peering edge? I’ve got the old materials from the DSCP recoloring on the customer edge.
I’ll put this on the holiday writing queue for a draft to look at.
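The ingress DSCP rewrite suggested in the quoted reply, written out as packet logic in Python; this is an added example, not code from the thread or from any router platform. The peer address, the function names and the rule that only TCP/179 from listed peers keeps its marking are assumptions; the threshold follows the quoted "dscp > 48" and is a parameter.

```python
import struct

DSCP_THRESHOLD = 48                    # figure quoted in the thread: reset values above 48
TRUSTED_BGP_PEERS = {"192.0.2.1"}      # assumption: constructed upstream peer address

def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum; returns 0 over a valid header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def recolor(packet: bytes, threshold: int = DSCP_THRESHOLD,
            trusted=TRUSTED_BGP_PEERS) -> bytes:
    """Reset DSCP to 0 on ingress packets marked above threshold,
    except first-fragment or unfragmented BGP (TCP/179) from a trusted peer."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[0] >> 4 != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("not a well-formed IPv4 header")
    dscp, ecn = packet[1] >> 2, packet[1] & 0x03
    if dscp <= threshold:
        return packet                          # marking is acceptable, leave untouched
    src = ".".join(map(str, packet[12:16]))
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    if (packet[9] == 6 and src in trusted and frag_offset == 0
            and len(packet) >= ihl + 4):
        if 179 in struct.unpack("!HH", packet[ihl:ihl + 4]):
            return packet                      # keep the upstream BGP session's marking
    hdr = bytearray(packet[:ihl])
    hdr[1] = ecn                               # DSCP 0, ECN bits preserved
    hdr[10:12] = b"\x00\x00"                   # zero the checksum before recomputing
    hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(hdr)))
    return bytes(hdr) + packet[ihl:]

def build(src: str, dscp: int, proto: int, sport: int, dport: int) -> bytes:
    """Constructed sample packet: 20-byte IPv4 header plus a 20-byte L4 stub."""
    l4 = struct.pack("!HH", sport, dport) + bytes(16)
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, dscp << 2, 20 + len(l4),
                                0, 0, 64, proto, 0,
                                bytes(map(int, src.split("."))),
                                bytes([198, 51, 100, 1])))
    hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(hdr)))
    return bytes(hdr) + l4

if __name__ == "__main__":
    for pkt in (build("203.0.113.9", 56, 17, 4444, 53),     # constructed: unknown source, CS7
                build("192.0.2.1", 56, 6, 40000, 179)):     # constructed: trusted BGP peer
        print(pkt[1] >> 2, "->", recolor(pkt)[1] >> 2)
```

With the default threshold a packet marked exactly 48 (CS6) passes unchanged; pass `threshold=47` to reset CS6 from untrusted sources as well.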