North American Network Operators Group
Re: Fair Queuing combats DDoS? [was Re: Yahoo! Lessons Learned ]
- From: NANOG Mailing List
- Date: Fri Feb 11 00:20:55 2000
On Thu, 10 Feb 2000, Randy Bush wrote:
>
> > I want something for clueful people to be able to type after "conf
> > t". Asking people who probably aren't on this mailing list and almost
> > certainly don't understand the problem to fix *their* network does not cut
> > the mustard.
>
> e.g. the problem with the ddos attacks is that the pain is far removed from
> the enabling causes, thus severely weakening prophylactic motivations. two
> trends may help. as the pain is more universally felt, the motivation may
> spread. and i suspect that the inclination to peer with non-motivated isps
> may change.
>
> randy
>
At minimum, a hurt can be put on networks that are irresponsible/inane by
effectively blackholing them.

neighbor db.bad-networks.blah.someone.com remote-as blah-blah
neighbor db.bad-networks.blah.someone.com description DB of bad networks
neighbor db.bad-networks.blah.someone.com route-map blackhole in
neighbor db.bad-networks.blah.someone.com filter-list 2 out
!
route-map blackhole permit 10
 set ip next-hop 127.0.0.1
!

Suddenly being blackholed from those of us who don't wish to deal with
operators who won't/can't secure their network might actually get their
attention. Much the same as denying the entire APNIC allocation in
.htaccess substantially reduces CC fraud on e-commerce sites.

I know. It's akin to killing a fly with a sledge-hammer but sometimes
it's worth it.
--------------------------------------------
|Signature line included for Jay R Ashworth|
--------------------------------------------
John Fraizer
EnterZone, Inc
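
A fuller form of the feed-driven blackhole sketched in the message above, as an added example that is not part of the original post: it swaps the 127.0.0.1 next hop for a static discard route to Null0 and adds limits on what the feed may inject. The addresses, AS numbers, the contents of as-path list 2 and the names BLACKHOLE-IN and FEED-SANITY are constructed assumptions.

```ios
! Added example. All addresses, AS numbers and names are constructed.
!
! Discard route: any prefix whose BGP next hop is 192.0.2.1 (TEST-NET-1)
! resolves to Null0, so traffic toward that prefix is dropped here.
ip route 192.0.2.1 255.255.255.255 Null0
!
! Sanity filter on the feed: refuse a default route or anything
! shorter than /8, so one bad update cannot blackhole everything.
ip prefix-list FEED-SANITY seq 5 deny 0.0.0.0/0 le 7
ip prefix-list FEED-SANITY seq 10 permit 0.0.0.0/0 le 32
!
! Assumed content of list 2: match every AS path and deny it, so
! nothing is ever advertised back to the feed.
ip as-path access-list 2 deny .*
!
router bgp 64512
 neighbor 198.51.100.10 remote-as 64513
 neighbor 198.51.100.10 description Feed of networks to blackhole
 ! Assumes the feed is not directly connected.
 neighbor 198.51.100.10 ebgp-multihop 255
 neighbor 198.51.100.10 route-map BLACKHOLE-IN in
 neighbor 198.51.100.10 filter-list 2 out
 ! Tear the session down if the feed sends more than expected.
 neighbor 198.51.100.10 maximum-prefix 1000
!
route-map BLACKHOLE-IN permit 10
 match ip address prefix-list FEED-SANITY
 set ip next-hop 192.0.2.1
 ! Keep the blackhole local: do not pass these routes to eBGP peers.
 set community no-export
!
! The route-map's implicit deny discards whatever FEED-SANITY rejected.
```

After loading it, `show ip bgp neighbors 198.51.100.10 routes` lists what the feed has installed and `show ip route 192.0.2.1` confirms the discard route points at Null0.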