
automatic rtbh trigger using flow data

No ISP is in the business of filtering traffic unless the client pays the hefty fee since someone still has to tank the attack.

I also don't think there is destination prefix IP filtering in flowspec, which could seriously cause problems.

From: NANOG <nanog-bounces at nanog.org> On Behalf Of Baldur Norddahl
Sent: Saturday, September 01, 2018 5:18 PM
To: nanog at nanog.org
Subject: Re: automatic rtbh trigger using flow data

On Fri, 31 Aug 2018 at 17:16, Hugo Slabbert <hugo at slabnet.com> wrote:

I would love an upstream that accepts flowspec routes to get granular about
drops and to basically push "stateless ACLs" upstream.

_keeps dreaming_

We just need a signal to drop UDP for a prefix. The same as RTBH but only for UDP. This would prevent all volumetric attacks without the end user being cut off completely.

Aside from some games, VPN and VoIP, they would have an almost completely normal internet experience. DNS would go through the ISP servers and only be affected if the user is using a third-party service.
