Practical Solutions for Internet Routing Security and DDoS Mitigation

This talk will review a range of solutions for Internet routing security and distributed denial of service (DDoS) mitigation. The solution methods include RPKI, route origin validation (ROV), BGP signaling for mitigation of route leaks, enhanced feasible-path unicast reverse path filtering (EFP-uRPF), remotely triggered black hole (RTBH) filtering, and Flowspec. These techniques are covered in detail and security guidance is also offered in NIST Special Publication 800-189.