nanog mailing list archives

Re: Yahoo! Lessons Learned


From: robert () UU NET
Date: Wed, 09 Feb 2000 20:27:27 -0500



> i am rather amused at folk who fear dialup systems being used as ddos
> slaves.


I'm more worried about a master being connected there.  Remember, with at 
least one of the tools you can trigger the "slaves" via forged ICMP reply 
messages.  It doesn't take a fat pipe to do that and it makes finding the perp 
that much harder, especially since dial connections are generally more 
anonymous.

Yes, we have tested "source validation" in our live dial network.  Yes, there 
is a performance impact.  "Can do" or "Can't do" depends on how many dial 
customers you are trying to pile into one box, and what equipment you are 
using.

Also, ingress filtering one-hop-up isn't necessarily so easy.  Some of us will 
dynamically route prefixes other than /32 to certain dial customers.  This 
complicates things.
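
An added illustration, not part of the original post: it compares per-session source validation on the access server with a filter one hop up, for a dial customer who has a dynamically routed prefix other than a /32. The addresses, port names and function names are constructed assumptions, and reading "complicates things" as "a static pool filter upstream no longer matches what is legitimately routed" is an interpretation.

```python
import ipaddress as ip

# Constructed data (documentation address space); not from the original post.
DIAL_POOL = [ip.ip_network("192.0.2.0/24")]        # static pool known one hop up
SESSIONS = {                                       # per-port state on the access server
    "port1": [ip.ip_network("192.0.2.10/32")],     # ordinary dial user
    "port2": [ip.ip_network("192.0.2.11/32"),
              ip.ip_network("198.51.100.8/29")],   # customer with a dynamically routed /29
}

def permitted(src, prefixes):
    """True if the source address falls inside any of the given prefixes."""
    addr = ip.ip_address(src)
    return any(addr in net for net in prefixes)

def edge_check(port, src):
    """Source validation on the access server: only prefixes bound to this session."""
    return permitted(src, SESSIONS.get(port, []))

def upstream_static_check(src):
    """Filter one hop up, built from the static dial pool only."""
    return permitted(src, DIAL_POOL)

def upstream_dynamic_check(src):
    """Filter one hop up, rebuilt from every prefix currently routed to a session."""
    live = [net for nets in SESSIONS.values() for net in nets]
    return permitted(src, live)

def compare(port, src):
    """Verdict of each filter placement for a packet arriving on `port`."""
    return {"edge": edge_check(port, src),
            "upstream_static": upstream_static_check(src),
            "upstream_dynamic": upstream_dynamic_check(src)}

CASES = [
    ("port1", "192.0.2.10"),    # session's own address
    ("port1", "192.0.2.11"),    # another session's address from the same pool
    ("port2", "198.51.100.9"),  # host inside the routed /29
    ("port1", "203.0.113.5"),   # address outside every known prefix
]

if __name__ == "__main__":
    for port, src in CASES:
        print(port, src, compare(port, src))
```

The upstream filters cannot see which session a packet came from, so they pass a pool address forged by a neighbouring session, and the static one drops legitimate traffic from the routed /29 unless it is kept in step with the dynamic routes.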




