Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: So.. you want to track some DoS traffic?

  • From: Christopher L. Morrow
  • Date: Mon Jul 02 18:26:53 2001


On Mon, 2 Jul 2001, Alex Bligh wrote:

> > Credit: Credit should go to those listed in the link, UUNET's TAC-Eng
> > group, UUNET's Net-Sec group, UUNET's Customer Router Security Group,
> > dies@pulltheplug.com and a few others I have forgotten.
> 
> Slight sense of Deja Vu.
> 
> Without wishing to blow my own trumpet, from NANOG in 1999:
> 
> http://answerpointe.cctec.com/maillists/nanog/historical/9907/msg00083.html

So basically you've proposed implementing black hole routing via a
community... this is nice and COULD be used by customers, though I'd be
worried about them blackholing something 'important' and not figuring it
out... which is all too common a problem.

We discussed this at implementation/design time and fell back on "we would
rather do it manually, just in case...". Additionally, if someone messed
up the customer's filter and didn't filter their routes they could
accidently drop traffic another customer :( Manual and by a select few
people was the end decision.

Not that it's not a great idea, but BGP is 'hard' and customers (and
providers) routinely screw it up :( Also, your paper doesn't hit the main
thing I was getting at: Tracking the attack... dropping traffic is great
and you can do it in 101 different ways, but the tough part was tracking
it... (at least it was the tough thing we was trying to make less tough).

-Chris





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.