Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Fair Queuing combats DDoS? [was Re: Yahoo! Lessons Learned ]

  • From: NANOG Mailing List
  • Date: Fri Feb 11 00:20:55 2000

On Thu, 10 Feb 2000, Randy Bush wrote:

> > I want something for clueful people to be able to type after "conf
> > t". Asking people who probably aren't on this mailing list and almost
> > certainly don't understand the problem to fix *their* network does not cut
> > the mustard.
> e.g. the problem with the ddos attacks is that the pain is far removed from
> the enabling causes, thus severely weakening prophylactic motivations.  two
> trends may help.  as the pain is more universally felt, the motivation may
> spread.  and i suspect that the inclination to peer with non-motivated isps
> may change.
> randy

At minumum, a hurt can be put on networks that are irresponsible/innane by
effectively blackholeing them.

neighbor remote-as blah-blah
neighbor description DB of bad networks
neighbor route-map blackhole in
neighbor filter-list 2 out
route-map blackhole permit 10
set ip next-hop

Suddenlt being blackholed from those of use who don't wish to deal with
operators who won't/can't secure their network might actually get their
attention.  Much the same as denying the entire APNIC allocation in
.htaccess substantially reduces CC fraud on e-commerce sites.

I know.  It's akin to killing a fly with a sledge-hammer but sometimes
it's worth it.

|Signature line included for Jay R Ashworth|

John Fraizer
EnterZone, Inc

Discussion Communities

About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home

Merit Network, Inc.