Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: UUNet Offer New Protection Against DDoS

  • From: Christopher L. Morrow
  • Date: Fri Mar 05 19:00:51 2004


On Fri, 5 Mar 2004, Steve Francis wrote:

> Christopher L. Morrow wrote:
>
> >
> >
> >uRPF in the core seems like a bad plan, what with diverse routes and such.
> >Loose-mode might help SOME, but really spoofing is such a low priority
> >issue why make it a requirement? Customer triggered blackholing is a nice
> >feature though.
> >
> >
> >
> Obviously loose-mode.
> Spoofing may not be the current weapon of choice, but why not encourage
> the best net infrastructure?
>

Loose mode will not save you very much, many larger backbones route lots
of 'unused' or 'unallocated' ip space internally for various valid
reasons, some even related to security issues for their customers. So,
does stopping rfc-1918 (maybe) space help much? not really... atleast not
that I can see. Many flooding tools now flood from legittimate space, so
the ONLY way to limit this is by filtering as close to the device sourcing
the packets as possible. Nebulous filtering and dropping of miniscule
amounts of traffic in the core of a large network is just a waste of
effort and false panacea.

--Chris
(formerly chris@uu.net)
#######################################################
## UUNET Technologies, Inc.                          ##
## Manager                                           ##
## Customer Router Security Engineering Team         ##
## (W)703-886-3823 (C)703-338-7319                   ##
#######################################################




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.