nanog mailing list archives

Re: engineering --> ddos and flooding


From: Joel Jaeggli <joelja () darkwing uoregon edu>
Date: Thu, 31 May 2001 16:30:51 -0700 (PDT)


On Thu, 31 May 2001, Andrew Dorsett wrote:


I'm going to reply to my own post here.  I am thoroughly impressed.  I sent
the message out and in 10 minutes I had two replies.  Keep the ideas
coming, I will form up a general suggestion message and post it later.  One
thing to think about, I want a way to do it without having to call a NOC
like Genuity and asking them to put in a filter, I want a way to do
something about it at a lower level.

If you think about what you're asking for means operationally, what you
want is the ability to get your upstream to allow you to install filters
on their routers... That requires a great deal of trust, which is not
likely to be forthcoming in the current environment.

 Like multiple connections....Remember
NOC calls take time because of hold times...  Someone just told me (on
here) that the IETF is working on something,

That was Jared

anyone know how many more
years it will take for that protocol?

One of the observations I would make upon your original question is that dos
attacks do not in this day and age typically originate in core networks
but rather on tens or hundreds or thousands of edge network devices...
your upstream is unlikely to have a good handle on the actual source of
the attack (which in any case may be several locations) rather it's far
more easy to characterize the target (you) and filter on that.

Thanks again,
Andrew

At 05:59 PM 5/31/2001, you wrote:
Hey, this is a technical question for all of the Network
Engineers/Architects on the list.  Has a method been found to stop an
incoming attack?  Granted you can filter the packets to null on the
router, but that doesn't stop them from coming across the wire and into
the router.  Has a way been devised to stop them from coming into the
router; via something like a BGP update to null the packets or what?  I'm
concerned about a flood that is so massive coming from the core and
flooding a small T1 or less.

Thanks,
Andrew
---
<zerocool () netpath net>
http://www.andrewsworld.net/
ICQ: 2895251
Cisco Certified Network Associate
Development Assistant: Netpath/Stratonet, Inc.
                       (http://www.netpath.net/)
                       Email: dorsett () netpath net

"Learn from the mistakes of others. You won't live long enough to make all
of them yourself." -- Unknown
"YEEEHA!!! What a CRASH!!!" -- Random System Administrator



-- 
--------------------------------------------------------------------------
Joel Jaeggli                                   joelja () darkwing uoregon edu
Academic User Services                       consult () gladstone uoregon edu
     PGP Key Fingerprint: 1DE9 8FCA 51FB 4195 B42A 9C32 A30D 121E
--------------------------------------------------------------------------
It is clear that the arm of criticism cannot replace the criticism of
arms.  Karl Marx -- Introduction to the critique of Hegel's Philosophy of
the right, 1843.





