[12629] in North American Network Operators' Group
RE: not rewriting next-hop, pointing default, ...
daemon@ATHENA.MIT.EDU (=?ISO-2022-JP?B?GyRCP2UxWxsoSiAbJE)
Fri Sep 26 05:40:38 1997
From: =?ISO-2022-JP?B?GyRCP2UxWxsoSiAbJEIwbE86GyhK?= <ichiro@byd.ocn.ad.jp>
To: "'Enke Chen'" <enkechen@cisco.com>, "nshen@mci.net" <nshen@mci.net>
Cc: "nanog@merit.edu" <nanog@merit.edu>
Date: Fri, 26 Sep 1997 18:09:48 +0900
Enke Chen [SMTP:enkechen@cisco.com] wrote on Saturday, September 13, 1997 2:29 AM
Enke>For ISPs with a lot of direct (i.e., private) peers, on the public
Enke>NAP routers you may want to consider not installing the routes from the
Enke>private peers. This approach could reduce the damage to your private
Enke>links by default-pointing attack. It may also make you less likely
Enke>a target due to black-holing of certain traffic.
And on the NAP router,
adding the blackhole segment ( null 0 or dumb ether etc.)
On cisco, null 0 is not recomended for its process switching
set the default route to the blackhole segment
check the packet in the segment.
These packets are routed by default, so call the routing police :-)
Enke>This approach is not applicable if transit service is provided at
Enke>the public NAP.
Peering in tunneling COULD work.
ichiro@byd.ocn.ad.jp (AS4713<-AS2521<-AS2519)
