nanog mailing list archives
Re: DoS attacks, NSPs unresponsiveness
From: Ariel Biener <ariel () fireball tau ac il>
Date: Fri, 3 Nov 2000 04:20:02 +0200 (IST)
On Thu, 2 Nov 2000, J Bacher wrote:
Wonderful.The problem has been identified. But, other than foot-stomping, I haven't seen any solutions to correct it.
You hit the nail on it's head, that is exactly the feeling I have.
The "we'll pull the plug" attitude won't work unless absence of said filtering violates that ISP's upstream AUP or contract.
Naturally, people still want to do business, and we're not looking for an intimidation atmosphere, but ... Reading the below, what I see is a Internet Draft that defines how to properly protect your own network and other networks, using known RFCs are techniques that are common practice among cluefull people nowadays. This draft could be come the cook-book of connecting your enterprise/company/ISP/entity to an upstream provider, and be used a a reference guide for the said purpose. Of course, if it will be updated with contemporan knowledge and methods from time to time, it will really be best. The tier1 (and even tier2) providers should insist, as part of the AUP or "getting-connected to us" policy that their downstream implement. This mailing list (not only) has a handful of very knowledgeable and experienced inter-networking experts, as well as people who have grown into management throughout the years. I think it's well within the capability of this forum (or any other better suited forum, if one will be suggested) to create and maintain such a draft. Thoughts ? --Ariel
Some suggestions: 1) Develop a group of technical contacts, one each company, for each Tier 1 provider. 2) Create a document with configuration examples for various routers 3) Request that each technical contact of these Tier 1 providers coordinate with its respective internal customer service reps to handle dissemination of said document to its ISP customers. or 4) Disseminate the document through other appropriate mailing lists or newsgroups. It's completely pointless to identify a problem without also identifying possible solutions or working toward correcting the problem.
-- Ariel Biener e-mail: ariel () post tau ac il Work phone: 03-6406086 fingerprint = 07 D1 E5 3E EF 6D E5 82 0B E9 21 D4 3C 7D 8B BC
Current thread:
- Re: DoS attacks, NSPs unresponsiveness, (continued)
- Re: DoS attacks, NSPs unresponsiveness Mark Mentovai (Nov 02)
- RE: DoS attacks, NSPs unresponsiveness rick (Nov 02)
- Re: DoS attacks, NSPs unresponsiveness Valdis . Kletnieks (Nov 02)
- Re: DoS attacks, NSPs unresponsiveness J Bacher (Nov 02)
- Re: DoS attacks, NSPs unresponsiveness Valdis . Kletnieks (Nov 02)
- Re: DoS attacks, NSPs unresponsiveness J Bacher (Nov 02)
- Re: DoS attacks, NSPs unresponsiveness John Kristoff (Nov 02)
- Re: DoS attacks, NSPs unresponsiveness J Bacher (Nov 02)
- Re: DoS attacks, NSPs unresponsiveness Joe Shaw (Nov 02)
- Re: DoS attacks, NSPs unresponsiveness Mark Mentovai (Nov 02)
- Message not available
- Re: DoS attacks, NSPs unresponsiveness Valdis . Kletnieks (Nov 02)
- Re: DoS attacks, NSPs unresponsiveness Ariel Biener (Nov 02)
- Re: DoS attacks, NSPs unresponsiveness dies (Nov 02)
- Re: DoS attacks, NSPs unresponsiveness Daniel Senie (Nov 02)
- Re: DoS attacks, NSPs unresponsiveness Randy Bush (Nov 02)
- Re: DoS attacks, NSPs unresponsiveness Ariel Biener (Nov 02)
- Re: DoS attacks, NSPs unresponsiveness dies (Nov 02)
- Re: DoS attacks, NSPs unresponsiveness Ariel Biener (Nov 02)
- Re: DoS attacks, NSPs unresponsiveness John Payne (Nov 03)
- Re: DoS attacks, NSPs unresponsiveness dies (Nov 03)
- Message not available
- Re: DoS attacks, NSPs unresponsiveness Hank Nussbacher (Nov 02)