May be. Anyway, under ddos attack, your links may be congested, and you need to recover them. You have small margin to move. The farther upstream the attack is repelled, the better chances you have for restoring connectivity.
>----Mensaje original---- >De: [email protected] >Fecha: 08/12/2010 12:31 >Para: "Drew Weaver"<[email protected]> >CC: "[email protected]"<[email protected]>, "[email protected]"<[email protected]>, "North American Operators' Group"<[email protected]> >Asunto: Re: Over a decade of DDOS--any progress yet? > >+1 > >On Wed, Dec 8, 2010 at 10:30 AM, Drew Weaver <[email protected]> wrote: >> Yes, but this obviously completes the 'DDoS attack' and sends the signal that the bully will win. >> >> -Drew >> >> >> -----Original Message----- >> From: [email protected] [mailto:alvaro.sanc...@adinet. com.uy] >> Sent: Wednesday, December 08, 2010 8:46 AM >> To: [email protected]; North American Operators' Group >> Subject: Re: Over a decade of DDOS--any progress yet? >> >> A very common action is to blackhole ddos traffic upstream by sending a >> bgp route to the next AS with a preestablished community indicating the >> traffic must be sent to Null0. The route may be very specific, in order >> to impact as less as possible. This needs previous coordination between >> providers. >> Regards. >> >>>----Mensaje original---- >>>De: [email protected] >>>Fecha: 08/12/2010 10:53 >>>Para: "North American Operators' Group"<[email protected]> >>>Asunto: Re: Over a decade of DDOS--any progress yet? >>> >>> >>>On Dec 8, 2010, at 7:28 PM, Arturo Servin wrote: >>> >>>> One big problem (IMHO) of DDoS is that sources (the host of >> botnets) may be completely unaware that they are part of a DDoS. I do >> not mean the bot machine, I mean the ISP connecting those. >>> >>>The technology exists to detect and classify this attack traffic, and >> is deployed in production networks today. >>> >>>And of course, the legitimate owners of the botted hosts are >> generally unaware that their machine is being used for nefarious >> purposes. >>> >>>> In the other hand the target of a DDoS cannot do anything to stop >> to attack besides adding more BW or contacting one by one the whole >> path of providers to try to minimize the effect. >>> >>>Actually, there're lots of things they can do. >>> >>>> I know that this has many security concerns, but would it be good >> a signalling protocol between ISPs to inform the sources of a DDoS >> attack in order to take semiautomatic actions to rate-limit the traffic >> as close as the source? Of course that this is more complex that these >> three or two lines, but I wonder if this has been considerer in the >> past. >>> >>>It already exists. >>> >>>----------------------------------------------------------------------- >>>Roland Dobbins <[email protected]> // <http://www.arbornetworks. com> >>> >>> Sell your computer and buy a guitar. >>> >>> >>> >>> >>> >>> >> >> >> >> >> >
