Configuring BGP to Block Denial-of-Service Attacks
RFC 3882, “Configuring BGP to Block Denial-of-Service Attacks”, is an Informational document published in October 2004 by D. Turk. The canonical text is published by the RFC Editor.
Abstract
This document describes an operational technique that uses BGP communities to remotely trigger black-holing of a particular destination network to block denial-of-service attacks. Black-holing can be applied on a selection of routers rather than all BGP-speaking routers in the network. The document also describes a sinkhole tunnel technique using BGP communities and tunnels to pull traffic into a sinkhole router for analysis. This memo provides information for the Internet community.
What “Informational” means
Published for the general information of the community. It does not define an IETF standard and carries no standards-track status.
The canonical text of RFC 3882 is hosted at rfc-editor.org. Available in TXT,HTML.
- RFC 3881 Security Audit and Access Accountability Message XML Data Definitions for Healthcare Applications
- RFC 3883 Detecting Inactive Neighbors over OSPF Demand Circuits
- RFC 3880 Call Processing Language : A Language for User Control of Internet Telephony Services
- RFC 3884 Use of IPsec Transport Mode for Dynamic Routing
- RFC 3879 Deprecating Site Local Addresses
- RFC 3885 SMTP Service Extension for Message Tracking
- RFC 3878 Alarm Reporting Control Management Information Base
- RFC 3886 An Extensible Message Format for Message Tracking Responses