nanog mailing list archives

Re: UUNet Offer New Protection Against DDoS


From: "Christopher L. Morrow" <christopher.morrow () mci com>
Date: Fri, 5 Mar 2004 23:58:38 +0000 (GMT)



On Fri, 5 Mar 2004, Steve Francis wrote:

Christopher L. Morrow wrote:



uRPF in the core seems like a bad plan, what with diverse routes and such.
Loose-mode might help SOME, but really spoofing is such a low priority
issue why make it a requirement? Customer triggered blackholing is a nice
feature though.



Obviously loose-mode.
Spoofing may not be the current weapon of choice, but why not encourage
the best net infrastructure?


Loose mode will not save you very much, many larger backbones route lots
of 'unused' or 'unallocated' ip space internally for various valid
reasons, some even related to security issues for their customers. So,
does stopping rfc-1918 (maybe) space help much? not really... atleast not
that I can see. Many flooding tools now flood from legittimate space, so
the ONLY way to limit this is by filtering as close to the device sourcing
the packets as possible. Nebulous filtering and dropping of miniscule
amounts of traffic in the core of a large network is just a waste of
effort and false panacea.

--Chris
(formerly chris () uu net)
#######################################################
## UUNET Technologies, Inc.                          ##
## Manager                                           ##
## Customer Router Security Engineering Team         ##
## (W)703-886-3823 (C)703-338-7319                   ##
#######################################################


Current thread: