https://csrc.nist.gov/publications/detail/sp/800-189/draft


/

This document provides technical guidance and recommendations for technologies 
that improve the security and robustness of interdomain traffic exchange. 
Technologies recommended in this document for securing the interdomain routing 
control traffic include Resource Public Key Infrastructure (RPKI), BGP origin 
validation (BGP-OV), and prefix filtering. Additionally, technologies 
recommended for mitigating DoS and DDoS attacks include prevention of IP 
address spoofing using source address validation with access control lists 
(ACLs) and unicast Reverse Path Forwarding (uRPF). Other technologies such as 
remotely triggered black hole (RTBH) filtering, flow specification (Flowspec), 
and response rate limiting (RRL) are also recommended as part of the overall 
security mechanisms.

dougm
--
Doug Montgomery, Manager Internet  & Scalable Systems Research @ NIST

Reply via email to