nanog mailing list archives

Re: New Denial of Service Attack on Panix


From: "Dick St.Peters" <stpeters () NetHeaven com>
Date: Tue, 17 Sep 1996 21:38:32 -0400

Logging denies will fill up your log anyway.

That depends how your network is set up.  Ours would have the route going to
Null0, so it wouldn't be shot back out via the default route.  This hides
any internal instability from being announced to the outside world except
in /extreme/ cases. (Like we fall completely off the net).  Why would you
want the packet transiting back and forth across your T-1 until the TTL
expires anyway?  Much better to black hole the sucker.

The context was the Livingston boxes.  To the best of my knowledge
they don't have any analog of Null0 routing, although I've never
actually used an IRX, just Livingston's Portmaster CS's.

That said, I don't see a lot of difference between using a Null0 route
and filtering against outbound destinations in your own address space
as ways to black hole the suckers.  At least I _know_ filtering can't
be propagated to other routers.

--
Dick St.Peters,       Gatekeeper, Pearly Gateway, Ballston Spa, NY
stpeters () NetHeaven com     Owner, NetHeaven 518-885-1295/800-910-6671
Albany/Saratoga/Glens Falls/North Creek/Lake Placid/Blue Mountain Lake
          First Internet service based in the 518 area code
