Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: preventing future situations like panix

  • From: Josh Karlin
  • Date: Mon Jan 23 18:38:33 2006
  • Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=FcdQg/AA0cuwzBhWn//ZOhPErU7pfTYlApEnpiyeyj0ISU86WVPY4r4LXHPLHN4wNkaS8zMYUcbeTGbmclZjVy0N6lwVW16pb9PxvcYyfpUjS0D0WJu0Bskxw6OIrk/q/V2NSQxxwr4MT7fo0zlPX1uObogr4xRurP/vFMIwm7w=

> > It seems like most of the routers which would need to make this decision
> > wouldn't have adequate information upon which to do so...
>
> not necessarily.  the decision could be made in "near real time" by
> building prefix filters based on the algorithms that josh and co have
> worked on and leaving a 'default deny' in place.  this moves the
> routing decision off of the router (which i agree does not have the
> history or resources to take these additional vectors of information
> into account) and over to a server with more storage and computational
> capacity.


The 'core' routers are definitely the best informed, though other ASs
which are multi-homed also come across a substantial bit of
information through updates.  Yet if only the core ASs were to run
such a solution, it would be sufficient to suppress most attacks for
at least a day.  The paper has more detail on that situation.




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.