Keep the traffic out of your network:
1. null0 destination ip addr at edge devices
a) community b)manually
http://tools.ietf.org/html/rfc3882
http://www.linux.it/~md/text/blackholing.html
http://wozney.ca/2010/03/11/bgp-blackhole-community/
Allow the attacking traffic in your network:
1. qos the attacking traffic
http://www.cloudcentrics.com/?p=455
http://www.composednetworks.com/qos
2. iACL block fake source IP address
3. traffic clean based on destination ip address
4. divert attacking traffic to dummy device
No comments:
Post a Comment