Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: WANTED: ISPs with DDoS defense solutions

  • From: Christopher L. Morrow
  • Date: Tue Aug 05 00:12:07 2003


On Mon, 4 Aug 2003 bdragon@gweep.net wrote:

>
> > On Mon, Aug 04, 2003 at 05:28:07PM -0400, bdragon@gweep.net wrote:
> > >
> > > > I'm all for raising the bar on attackers and having end networks implement
> > > > proper source filtering, but even with that 1000 nt machines pinging 2
> > > > packet per second is still enough to destroy a T1 customer, and likely
> > > > with 1500 byte packets a T3 customer as well. You can't stop this without
> > > > addressing the host security problem...
> > >
> > > Do you believe backbone networks should do nothing?
> >
> > 	I'm not sure what you are saying here, backbones do do
> > something, the problem is that it's easy to fill up a T1.  *really* easy.
>
> I was asking about Chris's use of "having end networks implement
> proper source filtering" implying that backbones should not do so.

There are many cases in which the backbone can't determine the 'proper'
traffic an edge is sending in. Not to mention the problems of filtering on
an edge device with 100's or 1000's of interfaces. The proper and simple
place for this filtering  is as close to the end device as possible.
Backbones just aren't made to filter traffic, edge networks are.




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.