North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: So.. you want to track some DoS traffic?
- From: Christopher L. Morrow
- Date: Mon Jul 02 18:26:53 2001
On Mon, 2 Jul 2001, Alex Bligh wrote:
> > Credit: Credit should go to those listed in the link, UUNET's TAC-Eng
> > group, UUNET's Net-Sec group, UUNET's Customer Router Security Group,
> > email@example.com and a few others I have forgotten.
> Slight sense of Deja Vu.
> Without wishing to blow my own trumpet, from NANOG in 1999:
So basically you've proposed implementing black hole routing via a
community... this is nice and COULD be used by customers, though I'd be
worried about them blackholing something 'important' and not figuring it
out... which is all too common a problem.
We discussed this at implementation/design time and fell back on "we would
rather do it manually, just in case...". Additionally, if someone messed
up the customer's filter and didn't filter their routes they could
accidently drop traffic another customer :( Manual and by a select few
people was the end decision.
Not that it's not a great idea, but BGP is 'hard' and customers (and
providers) routinely screw it up :( Also, your paper doesn't hit the main
thing I was getting at: Tracking the attack... dropping traffic is great
and you can do it in 101 different ways, but the tough part was tracking
it... (at least it was the tough thing we was trying to make less tough).