nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Arbor Networks DoS defense product

From: Clayton Fiske <clay () bloomcounty org>
Date: Wed, 15 May 2002 18:44:08 -0700

On Wed, May 15, 2002 at 06:25:15PM -0700, PJ wrote:

Granted.  However, the suggestion to place said host/network into some
sort of BGP black hole, has it's problems.  The community has a whole


Keep in mind that this would be a subscription service. It's not as
though the route would be announced to the entire net. If you're not
comfortable with it, don't use it on your network (or change upstreams,
if they're using it).


already has an idea of which networks have an greater precentage of
attacks originating from it, an alert is fine, a pre-emptive strike in
the absence of an actual attack is not.


It's not permanent. There clearly would need to be some means of
human intervention by which an entry can be removed. At worst, a
compromised host is blackholed which will get someone's attention.
At best, it is prevented from contributing to attacks.

-c
Previous By Date Next
Previous By Thread Next

Current thread: