nanog mailing list archives
Re: UUNet Offer New Protection Against DDoS
From: "Christopher L. Morrow" <christopher.morrow () mci com>
Date: Sat, 6 Mar 2004 06:12:48 +0000 (GMT)
On Fri, 5 Mar 2004, Dan Hollis wrote:
On Fri, 5 Mar 2004, Christopher L. Morrow wrote:the packets as possible. Nebulous filtering and dropping of miniscule amounts of traffic in the core of a large network is just a waste of effort and false panacea.uunet does operate lots of dialup RAS though correct? any reason why urpf is not reasonable there?
For some sure, for others perhaps not :( We have some customers with dedicated networks over dial, some with dial-backup and even some with dsl backup.
just because its not perfect and doesnt solve every problem doesnt mean its useless.
Sure, I'm just not really sure that the core is the right place to do this... I agree that the edge is a fine place, I'd prefer not my edge :) but the edge is the right place. You can make all the decisions correctly there, you can not in the core.
miniscule amounts of traffic in uunet's core is still enough to ddos many a victim into oblivion. anyone who has been ddos'd by uunet customers can appreciate that.
miniscule is enough to cause problems in anyone's network.... the point here was: "Core isn't the right place for this" I wasn't really trying to argue the 'urpf is good' or 'urpf is bad' arguement, just the placement. Sorry if I made that confusing earlier. --Chris (formerly chris () uu net) ####################################################### ## UUNET Technologies, Inc. ## ## Manager ## ## Customer Router Security Engineering Team ## ## (W)703-886-3823 (C)703-338-7319 ## #######################################################
Current thread:
- Re: UUNet Offer New Protection Against DDoS, (continued)
- Re: UUNet Offer New Protection Against DDoS Randy Bush (Mar 03)
- Message not available
- Re: UUNet Offer New Protection Against DDoS Suresh Ramasubramanian (Mar 03)
- Re: UUNet Offer New Protection Against DDoS Paul (Mar 03)
- Re: UUNet Offer New Protection Against DDoS Steve Francis (Mar 05)
- Re: UUNet Offer New Protection Against DDoS Christopher L. Morrow (Mar 05)
- RE: UUNet Offer New Protection Against DDoS Michael Hallgren (Mar 05)
- Re: UUNet Offer New Protection Against DDoS Steve Francis (Mar 05)
- Re: UUNet Offer New Protection Against DDoS Christopher L. Morrow (Mar 05)
- Re: UUNet Offer New Protection Against DDoS Dan Hollis (Mar 05)
- Re: UUNet Offer New Protection Against DDoS Christopher L. Morrow (Mar 05)
- Re: UUNet Offer New Protection Against DDoS Steve Francis (Mar 06)
- Re: UUNet Offer New Protection Against DDoS Paul Vixie (Mar 06)
- Source address validation (was Re: UUNet Offer New Protection Against DDoS) Sean Donelan (Mar 06)
- Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Alex Bligh (Mar 06)
- Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Paul Vixie (Mar 06)
- Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Dan Hollis (Mar 06)
- Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Sean Donelan (Mar 06)
- Re: Source address validation (was Re: UUNet Offer New Protection Paul Vixie (Mar 06)