The Hedge 10: Pavel Odintsov and Fastnetmon

22 October 2019

Fastnetmon began life as an open source DDoS detection tool, but has grown in scope over time. By connecting Fastnetmon to open source BGP implementations, operators can take action when a denial of service event is detected, triggering black holes and changing route preferences. Pavel Odintsov joins us to talk about this interesting and useful open source project.

Short Take: Flowspec and BCP38

23 April 2019

DNS Challenge and Response

10 April 2019

Research: Practical Challenge-Response for DNS

11 March 2019

Because the speed of DNS is so important to the performance of any connection on the ‘net, a lot of thought goes into making DNS servers fast, including optimized software that can respond to queries in milliseconds, and connecting DNS servers to the ‘net through high bandwidth links. To set the stage for massive DDoS…

DDoS Mitigation Strategies

7 November 2018

Research: Tail Attacks on Web Applications

12 September 2018

When you think of a Distributed Denial of Service (DDoS) attack, you probably think about an attack which overflows the bandwidth available on a single link, or one which overflows the number of half open TCP sessions a device can have open at once, preventing the device from accepting more sessions. In all cases, a DoS or…

On the ‘web: The Value of MANRS

16 January 2018

Route leaks and Distributed Denial of Service (DDoS) attacks have been in the news a good deal over the last several years; but the average non-transit network operator might generally feel pretty helpless in the face of the onslaught. Perhaps you can buy a DDoS mitigation service or appliance, and deploy the ubiquitous firewall at…

Flowspec and RFC1998?

4 January 2018

In a recent comment, Dave Raney asked: Russ, I read your latest blog post on BGP. I have been curious about another development. Specifically is there still any work related to using BGP Flowspec in a similar fashion to RFC1998. In which a customer of a provider will be able to ask a provider to…

History of Networking: DDoS

28 November 2017

Another excellent recording by the folks at the Network Collective. Roland Dobbins on the history of Distributed Denial of Service attacks!

On the ‘web: A new way to deal with DDoS

20 June 2017

Most large scale providers manage Distributed Denial of Service (DDoS) attacks by spreading the attack over as many servers as possible, and simply “eating” the traffic. This traffic spreading routine is normally accomplished using Border Gateway Protocol (BGP) communities and selective advertisement of reachable destinations, combined with the use of anycast to regionalize and manage…