Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: WANTED: ISPs with DDoS defense solutions

  • From: Jared Mauch
  • Date: Mon Aug 04 19:06:56 2003

On Mon, Aug 04, 2003 at 04:59:53PM -0500, Jack Bates wrote:
> on has to contact each IP owner and find out if spoof protection is 
> enabled.

	it's worse than that.  If they have it enabled (eg: 10.0.0.0/24 has
it enabled), but nobody else does, it allows everyone else to spoof
from the 10/24 prefix causing large sets of complaints to filter into
their mailbox.

	If we're able to authenticate the sources, then we can presume
abuse reports are authentic.  (aside from address space hijacking issues).

	it all comes down to filtering, filtering, filtering.

	announcement filtering, anti-spoof filtering, peer filtering.

	If you're not doing this, you *SHOULD* be.  I know it's hard
to do these things in the current business environment.  Those of
you that can, please take the time to do this.  It will make the lives
of the rest of us much easier when tracing attacks back.

	For those of you that are doing IPv6 deployments, might I suggest
you also take the time to do the same?  I know that Cisco has v6 u-rpf
support already.

	- Jared

-- 
Jared Mauch  | pgp key available via finger from jared@puck.nether.net
clue++;      | http://puck.nether.net/~jared/  My statements are only mine.




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.