nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: What do you want your ISP to block today?

From: "Christopher L. Morrow" <chris () UU NET>
Date: Sat, 30 Aug 2003 06:49:42 +0000 (GMT)


On Sat, 30 Aug 2003, Iljitsch van Beijnum wrote:


What would be great though is a system where there is an automatic
check to see if there is any return traffic for what a customer sends
out. If someone keeps sending traffic to the same destination without
anything coming back, 99% chance that this is a denial of service
attack. If someone sends traffic to very many destinations and in more
than 50 or 75 % of the cases nothing comes back or just an ICMP port
unreachable or TCP RST, 99% chance that this is a scan of some sort.



No... I have one T1 to Sprint and one T1 to AT&T, I think my AT&T bill
will be high this month so I stop sending OUT AT&T and only accept
traffic, all my traffic in that link... So now I push OUT sprint and IN
AT&T. I don't want sprint to kill my connection just because all traffic
to me is entering AT&T do I?
Previous By Date Next
Previous By Thread Next

Current thread: