[149562] in North American Network Operators' Group


Re: UDP port 80 DDoS attack

daemon@ATHENA.MIT.EDU (Keegan Holley)
Wed Feb 8 10:13:48 2012

In-Reply-To: <596B74B410EE6B4CA8A30C3AF1A155EA09CBCE53@RWC-MBX1.corp.seven.com>
From: Keegan Holley <keegan.holley@sungard.com>
Date: Wed, 8 Feb 2012 10:12:50 -0500
To: George Bonser <gbonser@seven.com>
Cc: nanog <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

Providers don't even check the registries for BGP advertisements. See the thread on hijacked routes for proof. Not to mention how do you handle a small transit AS? Do you trust that they have the correct filters as well? Do you start reading their AS paths and try to filter based on the registry for folks downstream? Then there's the RLDRAM issue. Most edge boxes will just run out of ACLs. Lastly there's no contractual obligation to play traffic cop for the entire Internet, so providers would be dropping traffic that they can legitimately bill for.

Sent from my iPhone

On Feb 8, 2012, at 4:56 AM, George Bonser <gbonser@seven.com> wrote:

>> No, we have registries to act as registries, the ISPs should be
>> checking them, and double checking.  It isn't something that is going
>> to change every day or every week. Once you get it set up, it is going
>> to be stable for a while.  Sure, it means a little more work in setting
>> up a customer, but it also means that if all your neighbors do the same
>> thing, you field many fewer calls dealing with stupid DoS crap.
>>
>
> I'll put it another way. Any provider that does not police their customer traffic has no business whining about DoS problems.
>
>
