nanog mailing list archives
Re: WANTED: ISPs with DDoS defense solutions
From: "Christopher L. Morrow" <chris () UU NET>
Date: Tue, 5 Aug 2003 04:09:02 +0000 (GMT)
On Mon, 4 Aug 2003 bdragon () gweep net wrote:
On Mon, Aug 04, 2003 at 05:28:07PM -0400, bdragon () gweep net wrote:I'm all for raising the bar on attackers and having end networks implement proper source filtering, but even with that 1000 nt machines pinging 2 packet per second is still enough to destroy a T1 customer, and likely with 1500 byte packets a T3 customer as well. You can't stop this without addressing the host security problem...Do you believe backbone networks should do nothing?I'm not sure what you are saying here, backbones do do something, the problem is that it's easy to fill up a T1. *really* easy.I was asking about Chris's use of "having end networks implement proper source filtering" implying that backbones should not do so.
There are many cases in which the backbone can't determine the 'proper' traffic an edge is sending in. Not to mention the problems of filtering on an edge device with 100's or 1000's of interfaces. The proper and simple place for this filtering is as close to the end device as possible. Backbones just aren't made to filter traffic, edge networks are.
Current thread:
- Re: WANTED: ISPs with DDoS defense solutions, (continued)
- Re: WANTED: ISPs with DDoS defense solutions Christopher L. Morrow (Aug 01)
- Re: WANTED: ISPs with DDoS defense solutions E.B. Dreger (Aug 03)
- Re: WANTED: ISPs with DDoS defense solutions E.B. Dreger (Aug 03)
- Re: WANTED: ISPs with DDoS defense solutions Christopher L. Morrow (Aug 01)
- Re: WANTED: ISPs with DDoS defense solutions E.B. Dreger (Aug 01)
- Re: WANTED: ISPs with DDoS defense solutions Vadim Antonov (Aug 02)
- Re: WANTED: ISPs with DDoS defense solutions Rob Thomas (Aug 02)
- Re: WANTED: ISPs with DDoS defense solutions Scott Francis (Aug 04)
- Re: WANTED: ISPs with DDoS defense solutions bdragon (Aug 04)
- Re: WANTED: ISPs with DDoS defense solutions Jared Mauch (Aug 04)
- Re: WANTED: ISPs with DDoS defense solutions bdragon (Aug 04)
- Re: WANTED: ISPs with DDoS defense solutions Christopher L. Morrow (Aug 04)
- Re: WANTED: ISPs with DDoS defense solutions Paul Vixie (Aug 04)
- Re: WANTED: ISPs with DDoS defense solutions Christopher L. Morrow (Aug 04)
- Re: WANTED: ISPs with DDoS defense solutions Vadim Antonov (Aug 05)
- Re: WANTED: ISPs with DDoS defense solutions bdragon (Aug 05)
- Re: WANTED: ISPs with DDoS defense solutions Christopher L. Morrow (Aug 05)
- Re: WANTED: ISPs with DDoS defense solutions Randy Bush (Aug 06)
- opsec IETF draft (was Re: WANTED: ISPs with DDoS defense solutions) George Jones (Aug 07)
- Re: WANTED: ISPs with DDoS defense solutions Jared Mauch (Aug 04)
- Re: WANTED: ISPs with DDoS defense solutions Randy Bush (Aug 04)
- Re: WANTED: ISPs with DDoS defense solutions Jack Bates (Aug 04)