This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[address-policy-wg] IPv6 access to K-root
- Previous message (by thread): [address-policy-wg] IPv6 access to K-root
- Next message (by thread): [address-policy-wg] Anti-DoS BGP communities
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Jeroen Massar
jeroen at unfix.org
Wed Mar 2 13:26:42 CET 2005
On Wed, 2005-03-02 at 11:53 +0000, Jørgen Hovland wrote: >From: "Iljitsch van Beijnum" <iljitsch at muada.com> >> As for the DoS issue, your transit ISPs can create blackhole communities so you can have them blackhole the traffic for individual >> /32s (if desired) when those are under attack by announcing even more specific more specifics with this community on them. >> >> > >It would be interesting if this could be implemented in BGP5 as a standard so you can announce more specific prefixes that is not to >be routed instead of just announcing the ones that is supposed to be routed. SSUD (Source Specific Unicast Deny), the reverse of SSM in Multicast? The only issue with it is that if somebody has 200 prefixes and each prefix has 100 SSUD entry's you have 200.000 extra prefixes in the routing table... Though you could say that one is allowed to have a max of 5 SSUD's per prefix or some other limit and if the limit is hit the SSUD becomes an exclude for ::/0 or 0.0.0.0 aka anything... Unfortunately DDoS's come from botnets and botnets have more than 200 sources, read, more likely something like 200.000 or 500.000 sources, depending on the person who likes you so very much... Greets, Jeroen -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 240 bytes Desc: This is a digitally signed message part URL: </ripe/mail/archives/address-policy-wg/attachments/20050302/a77a34d0/attachment.sig>
- Previous message (by thread): [address-policy-wg] IPv6 access to K-root
- Next message (by thread): [address-policy-wg] Anti-DoS BGP communities
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]