nanog mailing list archives
Re: Defeating DoS Attacks Through Accountability
From: Valdis.Kletnieks () vt edu
Date: Sat, 11 Nov 2000 22:48:52 -0500
On Sat, 11 Nov 2000 11:27:20 EST, Mark Mentovai said:
Not so fast, there are situations when you are authorized to have a certain chunk of address space but elect not to advertise it a certain way for whatever reason. Maybe someone has a pipe that they want to use for outbound traffic only and they don't want to use it at all inbound traffic, and as a result, they don't advertise their routes across it. What justification do you use for dropping traffic that falls into this category?
It's a general principle. Anyhow, they're going to get damned little inbound traffic unless they announce a route for it to *someplace*. I think the original *general* policy was "If we don't have ANY route for it, we don't accept the traffic", which sort of makes sense - how would you get through a TCP 3-way handshake if the SYN+ACK always got back a ICMP Host Unreachable? I saw no requirement that the routing not be assymetric, only that routing exist. I'm sure Mark Prior will correct me if I mis-read him... ;) -- Valdis Kletnieks Operating Systems Analyst Virginia Tech
Attachment:
_bin
Description:
Current thread:
- Re: Defeating DoS Attacks Through Accountability, (continued)
- Re: Defeating DoS Attacks Through Accountability Simon Lyall (Nov 02)
- Re: Defeating DoS Attacks Through Accountability Mark Mentovai (Nov 02)
- Re: Defeating DoS Attacks Through Accountability Mark Prior (Nov 11)
- Re: Defeating DoS Attacks Through Accountability Mark Mentovai (Nov 11)
- RE: Defeating DoS Attacks Through Accountability Barry Raveendran Greene (Nov 11)
- Re: Defeating DoS Attacks Through Accountability Austin Schutz (Nov 11)
- Re: Defeating DoS Attacks Through Accountability bmanning (Nov 11)
- RE: Defeating DoS Attacks Through Accountability Mark Mentovai (Nov 11)
- RE: Defeating DoS Attacks Through Accountability John Fraizer (Nov 11)
- Re: Defeating DoS Attacks Through Accountability Mark Prior (Nov 11)
- Re: Defeating DoS Attacks Through Accountability Valdis . Kletnieks (Nov 11)
- Re: Defeating DoS Attacks Through Accountability Mark Prior (Nov 11)
- Re: Defeating DoS Attacks Through Accountability Simon Lyall (Nov 02)
- Re: Defeating DoS Attacks Through Accountability Mark Prior (Nov 11)
- Re: Defeating DoS Attacks Through Accountability Ariel Biener (Nov 02)
- Re: Defeating DoS Attacks Through Accountability Mark Prior (Nov 11)
- Re: Defeating DoS Attacks Through Accountability Mark Mentovai (Nov 12)
- Re: Defeating DoS Attacks Through Accountability Joe Abley (Nov 12)
- Re: Defeating DoS Attacks Through Accountability Marshall Eubanks (Nov 12)