On Wed, 2005-03-02 at 11:53 +0000, Jørgen Hovland wrote:
From: "Iljitsch van Beijnum" <iljitsch@muada.com>
As for the DoS issue, your transit ISPs can create blackhole communities so you can have them blackhole the traffic for individual /32s (if desired) when those are under attack, by announcing even more specific more-specifics with this community on them.
It would be interesting if this could be implemented in BGP5 as a standard, so you can announce more specific prefixes that are not to be routed instead of just announcing the ones that are supposed to be routed.
SSUD (Source Specific Unicast Deny), the reverse of SSM in Multicast?

The only issue with it is that if somebody has 200 prefixes and each prefix has 100 SSUD entries, you have 200.000 extra prefixes in the routing table... Though you could say that one is allowed to have a max of 5 SSUDs per prefix or some other limit, and if the limit is hit the SSUD becomes an exclude for ::/0 or 0.0.0.0, aka anything...

Unfortunately DDoSes come from botnets, and botnets have more than 200 sources, read, more likely something like 200.000 or 500.000 sources, depending on the person who likes you so very much...

Greets,
Jeroen
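The blackhole-community mechanism Iljitsch describes, as an added example that is not part of the thread and is not code from any of the posters: a toy model of the import policy a transit ISP's edge router would apply to a customer session. The customer announces its normal aggregate and, under attack, a /32 (or /128) for the victim tagged with the agreed community; the ISP accepts the host route only if it falls inside space the customer is authorised for, rewrites its next hop to an address statically routed to Null0, and tags it NO_EXPORT so the discard route stays inside the ISP. Everything concrete here is an assumption: the prefixes are RFC 5737/3849 documentation space, the trigger community 65535:666 is the value later standardised as BLACKHOLE in RFC 7999 (the 2005 thread predates it), and the discard next hop and the "customer-peer" placeholder are local conventions, not any vendor's syntax.

```python
"""Toy model of a transit ISP's customer-triggered blackhole (RTBH) import policy.

Constructed example, not code from the mailing-list thread.  Community
values, prefixes and the discard next hop are assumptions (see lead-in).
"""
import ipaddress
from dataclasses import dataclass, field

BLACKHOLE = "65535:666"        # assumed trigger community (RFC 7999 BLACKHOLE value)
NO_EXPORT = "65535:65281"      # well-known NO_EXPORT community (0xFFFFFF01)
DISCARD_NEXTHOP = "192.0.2.1"  # assumed address the ISP statically routes to Null0
MAX_LEN = {4: 24, 6: 48}       # assumed longest ordinary prefix the ISP accepts


@dataclass
class Update:
    """One prefix from a customer BGP UPDATE with its community set."""
    prefix: str
    communities: set = field(default_factory=set)


@dataclass
class Route:
    """A route as installed in the ISP's RIB after policy."""
    prefix: "ipaddress.IPv4Network | ipaddress.IPv6Network"
    next_hop: str
    communities: set


def is_host_route(net):
    """True for a /32 (IPv4) or /128 (IPv6): a single address."""
    return net.prefixlen == net.max_prefixlen


def covered(net, aggregates):
    """True if net lies inside one of the customer's authorised aggregates."""
    return any(net.version == agg.version and net.subnet_of(agg) for agg in aggregates)


def import_policy(update, customer_aggregates):
    """Return the Route to install for this update, or None if it is rejected."""
    try:
        net = ipaddress.ip_network(update.prefix, strict=True)
    except ValueError:
        return None  # malformed or unaligned prefix: drop it
    aggregates = [ipaddress.ip_network(a) for a in customer_aggregates]
    if not covered(net, aggregates):
        return None  # customer may not speak for this space, blackhole or not
    if BLACKHOLE in update.communities:
        if not is_host_route(net):
            return None  # only individual /32s or /128s may be blackholed
        # Rewrite next hop to the discard address and keep it inside the ISP.
        return Route(net, DISCARD_NEXTHOP, {BLACKHOLE, NO_EXPORT})
    if net.prefixlen > MAX_LEN[net.version]:
        return None  # ordinary more-specifics are still length-filtered
    return Route(net, "customer-peer", set(update.communities))


def build_rib(updates, customer_aggregates):
    """Apply the import policy to every update and keep what was accepted."""
    rib = []
    for u in updates:
        r = import_policy(u, customer_aggregates)
        if r is not None:
            rib.append(r)
    return rib


def lookup(rib, address):
    """Longest-prefix match: the blackholed /32 wins over the covering aggregate."""
    addr = ipaddress.ip_address(address)
    best = None
    for r in rib:
        if r.prefix.version == addr.version and addr in r.prefix:
            if best is None or r.prefix.prefixlen > best.prefix.prefixlen:
                best = r
    return best


if __name__ == "__main__":
    # Constructed session: the customer's /24 plus a blackhole for one victim host.
    rib = build_rib(
        [Update("192.0.2.0/24"), Update("192.0.2.10/32", {BLACKHOLE})],
        ["192.0.2.0/24"],
    )
    for host in ("192.0.2.10", "192.0.2.11"):
        print(host, "->", lookup(rib, host).next_hop)
```

The two checks that matter operationally are the ones a real deployment most often gets wrong: a blackhole announcement must still pass the customer's prefix-list (otherwise a customer can discard traffic for someone else's address), and it must be restricted to host routes (otherwise a typo or a compromised router can discard a whole subnet with one UPDATE).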