nanog mailing list archives
Re: New Denial of Service Attack on Panix
From: "Dick St.Peters" <stpeters () NetHeaven com>
Date: Tue, 17 Sep 1996 21:38:32 -0400
Logging denies will fill up your log anyway.That depends how your network is setup. Ours would have the route going to Null0, so it wouldn't be shot back out via the default route. This hides any internal instability from being announced to the outside world except in /extreme/ cases. (Like we fall completely off the net). Why would you want the packet transiting back and forth across your T-1 until the TTL expires anyway? Much better to black hole the sucker.
The context was the Livingston boxes. To the best of my knowledge they don't have any analog of Null0 routing, although I've never actually used an IRX, just Livingston's Portmaster CS's. That said, I don't see a lot of difference between using a Null0 route and filtering against outbound destinations in your own address space as ways to black hole the suckers. At least I _know_ filtering can't be propagated to other routers. -- Dick St.Peters, Gatekeeper, Pearly Gateway, Ballston Spa, NY stpeters () NetHeaven com Owner, NetHeaven 518-885-1295/800-910-6671 Albany/Saratoga/Glens Falls/North Creek/Lake Placid/Blue Mountain Lake First Internet service based in the 518 area code - - - - - - - - - - - - - - - - -
Current thread:
- Re: New Denial of Service Attack on Panix, (continued)
- Re: New Denial of Service Attack on Panix Avi Freedman (Sep 17)
- Re: New Denial of Service Attack on Panix George Herbert (Sep 17)
- Re: New Denial of Service Attack on Panix Paul Ferguson (Sep 17)
- Re: New Denial of Service Attack on Panix Avi Freedman (Sep 17)
- Re: New Denial of Service Attack on Panix Michael Dillon (Sep 17)
- Re: New Denial of Service Attack on Panix bmanning (Sep 17)
- Re: New Denial of Service Attack on Panix Leonid Egoshin (Sep 17)
- Re: New Denial of Service Attack on Panix Vadim Antonov (Sep 17)
- Re: New Denial of Service Attack on Panix: Avi Freedman (Sep 17)
- Re: New Denial of Service Attack on Panix Justin W. Newton (Sep 17)
- Re: New Denial of Service Attack on Panix Dick St.Peters (Sep 17)
- Re: New Denial of Service Attack on Panix Kent W. England (Sep 17)
- Re[2]: New Denial of Service Attack on Panix Brian Murrell (Sep 17)
- Re: New Denial of Service Attack on Panix Leonid Egoshin (Sep 17)
- Re: New Denial of Service Attack on Panix Paul Ferguson (Sep 18)
- Re: New Denial of Service Attack on Panix Jeff Young (Sep 18)
- Re: New Denial of Service Attack on Panix Guy T Almes (Sep 18)
- Re: New Denial of Service Attack on Panix Tim Bass (Sep 18)
- Re: New Denial of Service Attack on Panix Stan Barber (Sep 18)
- Re: New Denial of Service Attack on Panix Kent W. England (Sep 18)
- Re: New Denial of Service Attack on Panix Dan Ellis (Sep 18)