Re: spare swamp space?

[Brandon Ross <bross () mindspring net>]

On Wed, 19 Aug 1998, Alex Bligh wrote:

> Yeah, if you discard at the end of your upstream provider's link, then
> that link will get saturated if you are smurfed enough. Last time we
> had a really bad one, we were looking at 6-10Mb/s which was not enough
> to saturate transit DS-3s, but enough to saturate a few bits of internal
> network (us international providers have the odd small line here and
> there). Obviously the further upstream you put it the better.

See that's the beauty of using either the swamp space or, if I have to and
can negotiate it, private space.  The echo-replies get dropped right at
their source since there's no route back to me. 

> One of the problems here is lack of interest from peers and upstreams. If
> you catch their interest at sales time rather than at abuse time
> (i.e. you configure something similar into their router on setup),
> that would be optimal.

This is exactly what I'm doing going forward with new external
connectivity.  One of the questions I will have of all future transit
negotiations will be to ask if they are willing to trace spoofed traffic
and to ask if they will commit to a reasonable turnaround time to get
their customer's amplifying networks fixed once reported. 

Brandon Ross            Network Engineering     404-815-0770 800-719-4664
Director, Network Engineering, MindSpring Ent., Inc.  info () mindspring com
                                                            ICQ:  2269442

Stop Smurf attacks!  Configure your router interfaces to block directed
broadcasts. See http://www.quadrunner.com/~chuegen/smurf.cgi for details.