nanog mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Defeating DoS Attacks Through Accountability

From: "Mark Mentovai" <mark-list () mentovai com>
Date: Sat, 11 Nov 2000 18:14:19 -0500 (EST)

Barry Raveendran Greene wrote:

I'll put it this way: filtering should be done against blocks that a
customer can announce, not against blocks that a customer is actively
announcing.  If you're filtering purely against current advertisements,
you're bound to break something sooner or later.


Good theory. But what one public source do all the ISP agree to validate the
authority to announce?


Regional IP address allocating bodies - in other words, ARIN.  If you aren't
listed as responsible for the block in question, you should either have the
information updated (SWIP or rwhois) or obtain written authorization from a
representative of the organization controlling the block.  It's far from
perfect because enthusiasm for providing accurate data via SWIP and rwhois
doesn't really exist as it should, but it's probably the best anyone can
come up with.  Perhaps putting SWIP and rwhois data to a good use such as
this would increase awareness of it and cause the databases to become more
appropriately populated.

Mark
Previous By Date Next
Previous By Thread Next

Current thread: