FYI: RFC 3882 on Configuring BGP to Block Denial-of-Service Attacks

Given recent discussions on blackholing traffic, this may
be of interest.

- ferg


A new Request for Comments is now available in online RFC libraries.

        RFC 3882

        Title: Configuring BGP to Block Denial-of-Service Attacks
        Author(s): D. Turk
        Status: Informational
        Pages: 8
        Characters: 19637
        Updates/Obsoletes/SeeAlso: None

        I-D Tag: draft-turk-bgp-dos-07.txt


This document describes an operational technique that uses BGP
communities to remotely trigger black-holing of a particular
destination network to block denial-of-service attacks. Black-holing
can be applied on a selection of routers rather than all BGP-speaking
routers in the network. The document also describes a sinkhole tunnel
technique using BGP communities and tunnels to pull traffic into a
sinkhole router for analysis.


This tunneling is 'centertrack' which is patented... Also, tunneling is a
dangerous prospect when you get very large amounts of attack traffic.

hrm... unless Robert can send the Patent No. I think I was mistaken,
CenterTrack wasn't patented, though I could swear it was...