nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: SYN flood messages flooding my mailbox

From: Curtis Villamizar <curtis () ans net>
Date: Wed, 18 Sep 1996 17:30:20 -0400

In message <2.2.32.19960918115159.0069ee30 () lint cisco com>, Paul Ferguson write
s:

At 04:15 PM 9/17/96 -0400, Curtis Villamizar wrote:




Of course, if by "known route" you mean known because it is in the
IRR, and the IRR is known to be reliable, then I accept your argument
but caution that the IRR is not always reliable, but this is yet
another reason to make it more reliable.



Curtis,

This is also a valid argument for *not* relying on the IRR for security
issues.

- paul



I agree with you on this point but I don't think the security issues
with the IRR are unsolvable.  Making sure hierarchical authorization
changes are deployed at all registries and enabling the PGP
authentication would certainly help.

Hierarchical authorization would require that registries recognize
IANA as the numbering authority and install top level objects based on
IANA top level delegations.  This would require a strong tie between
numbering allocations and routing registry.  Right now any bozo can
come along and claim a quarter or half the number space.

Curtis
- - - - - - - - - - - - - - - - -
Previous By Date Next
Previous By Thread Next

Current thread: