nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Effective ways to deal with DDoS attacks?

From: "Christopher L. Morrow" <chris () UU NET>
Date: Sun, 5 May 2002 03:34:47 +0000 (GMT)

On Sat, 4 May 2002, Stephen Griffin wrote:

In the referenced message, Iljitsch van Beijnum said:

On Fri, 3 May 2002, Stephen Griffin wrote:
For multihomed customers, these sets of prefixes should be identical, just
like with single homed customers. The only time when those sets of
prefixes is NOT the same is for a backup connection. But if a connection
is a pure backup for incoming traffic, it's reasonable to assume it's a
pure backup for outgoing traffic as well, so as long as the backup is
dormant, you don't see any traffic so no uRPF problems.


Not always the case, customer behaviour can not be accurately modeled.



I was hoping someone else might mention this, BUT what about the case of
customers providing transit for outbound but not inbound traffic for their
customers? We have many, many cases of customers that are 'default
routing' for their customers that get inbound traffic down alternate
customers or peers or wherever... uRPF seems like a not so good solution
for these instances :( especially since some of these are our worst
abusers :(

-Chris
Previous By Date Next
Previous By Thread Next

Current thread: