[27067] in North American Network Operators' Group


Re: Yahoo! Lessons Learned

daemon@ATHENA.MIT.EDU (Daniel Senie)
Tue Feb 8 23:04:06 2000

Message-ID: <38A0E6B2.D596079D@senie.com>
Date: Tue, 08 Feb 2000 23:01:54 -0500
From: Daniel Senie <dts@senie.com>
MIME-Version: 1.0
To: nanog@nanog.org
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Errors-To: owner-nanog-outgoing@merit.edu


"K. Graham" wrote:
> 
> On 8 Feb 2000, Sean Donelan wrote:
> 
> > Date: 8 Feb 2000 03:25:36 -0800
> > From: Sean Donelan <sean@donelan.com>
> > To: nanog@merit.edu
> > Subject: Yahoo! Lessons Learned
> >
> >
> > As much as I enjoy finding out about Yahoo & GlobalCenter issues by
> > reading the newswires, I wonder if there are any lessons we can learn
> > from these events.  Or was this not big enough to get the attention of
> > upper management?
> 
> Possibly.
> 
> >
> > Was there something Yahoo!, GlobalCenter or other providers could
> > have done, either individually or in cooperation, to prevent the
> > problem?
> >
> 
> Yes.
> One of the emails sent in mentioned that a network they work with or
> for was being utilized as an amplifier.  Each network that has
> gateway routers should ensure that they disallow IP broadcasts.

Please refer to RFC2644/BCP34 on the subject of directed broadcasts.
This RFC recommends router vendors disable directed broadcasts by
default. It also recommends ISPs disable directed broadcast on ALL
routers. In light of the recent events, it would be good to see a
concerted effort made by everyone to ensure this has been done.

Of course as Paul has mentioned, we wrote RFC 2267 several years ago to
address this very issue. I strongly encourage folks to take a hard look
at ingress filtering. Hardware vendors have implemented features in
dialup servers and routers which can help.

While implementing these measures may not directly benefit your network,
doing so may thwart an attack against someone else's net. Tomorrow, the
roles could be reversed. As with many areas of managing the Internet,
cooperation is key.

-- 
-----------------------------------------------------------------
Daniel Senie                                        dts@senie.com
Amaranth Networks Inc.            http://www.amaranthnetworks.com
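
The two checks the message points to, as an added example that is not part of the original post or of either RFC: a per-interface source-address check in the style of RFC 2267 ingress filtering, and a drop rule for packets addressed to the broadcast address of a connected subnet (the RFC 2644 case). Interface names, prefixes and the function names are assumptions, using documentation address ranges.

```python
import ipaddress

# Constructed sample topology (assumption): customer-facing interfaces and
# the prefixes assigned to the customers behind them.
CUSTOMER_PREFIXES = {
    "cust-a": [ipaddress.ip_network("192.0.2.0/25")],
    "cust-b": [ipaddress.ip_network("198.51.100.0/24"),
               ipaddress.ip_network("203.0.113.64/26")],
}
# Subnets directly connected to this router (constructed).
CONNECTED_SUBNETS = [ipaddress.ip_network("192.0.2.0/25"),
                     ipaddress.ip_network("203.0.113.64/26")]


def is_directed_broadcast(dst, subnets=CONNECTED_SUBNETS):
    """True if dst is the broadcast address of a connected subnet."""
    addr = ipaddress.ip_address(dst)
    # /31 and /32 networks have no separate broadcast address.
    return any(n.prefixlen < 31 and addr == n.broadcast_address
               for n in subnets)


def ingress_permits(interface, src, prefixes=CUSTOMER_PREFIXES):
    """Source must fall inside a prefix assigned to the arrival interface."""
    addr = ipaddress.ip_address(src)
    return any(addr in n for n in prefixes.get(interface, []))


def decide(interface, src, dst):
    """Return 'forward' or a drop reason for one packet.

    Interfaces not listed in CUSTOMER_PREFIXES (e.g. an upstream link) skip
    the source check here, but the directed-broadcast rule still applies.
    """
    if interface in CUSTOMER_PREFIXES and not ingress_permits(interface, src):
        return "drop: source outside assigned prefix"
    if is_directed_broadcast(dst):
        return "drop: directed broadcast"
    return "forward"


if __name__ == "__main__":
    for pkt in [("cust-a", "192.0.2.10", "198.51.100.5"),
                ("cust-a", "198.51.100.9", "203.0.113.1"),
                ("upstream", "198.51.100.9", "192.0.2.127")]:
        print(pkt, "->", decide(*pkt))
```
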

