[27169] in North American Network Operators' Group
Re: Yahoo! Lessons Learned
daemon@ATHENA.MIT.EDU (robert@UU.NET)
Wed Feb 9 20:31:18 2000
From: robert@UU.NET
Message-Id: <200002100127.UAA04880@beefcake2000.argfrp.us.uu.net>
To: Randy Bush <randy@psg.com>
Cc: nanog@nanog.org
In-Reply-To: Message from Randy Bush <randy@psg.com> of "Wed, 09 Feb 2000 14:12:38 PST." <E12IfLi-000257-00@roam.psg.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Wed, 09 Feb 2000 20:27:27 -0500
Errors-To: owner-nanog-outgoing@merit.edu
>
> i am rather amused at folk who fear dialup systems being used as ddos
> slaves.
>
I'm more worried about a master being connected there. Remember, with at
least one of the tools you can trigger the "slaves" via forged ICMP reply
messages. It doesn't take a fat pipe to do that and it makes finding the perp
that much harder, especially since dial connections are generally more
anonymous.
Yes, we have tested "source validation" in our live dial network. Yes, there
is a performance impact. "Can do" or "Can't do" depends on how many dial
customers you are trying to pile into one box, and what equipment you are
using.
Also, ingress filtering one-hop-up isn't necessarily so easy. Some of us will
dynamically route prefixes other than /32 to certain dial customers. This
complicates things.
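The "source validation" and one-hop-up ingress filtering discussed in this message, as an added example (not code from the post or from UUNET): a toy Python model of per-session source-address checking on a dial aggregation box. All interface names, sessions, addresses and packets are constructed; it shows why a filter that only knows the dial user's own assigned address wrongly drops traffic once a larger prefix is dynamically routed to that session, while still dropping spoofed sources such as a forged ICMP echo reply.

```python
import ipaddress

# Constructed sample: dial sessions and the prefixes the box has dynamically
# routed to each one. The first entry is the user's own assigned address;
# async2 has additionally been routed a /29 (hypothetical addresses).
SESSIONS = {
    "async1": ["198.51.100.17/32"],
    "async2": ["198.51.100.40/32", "203.0.113.8/29"],
}

# Constructed packets arriving from the dial side: (interface, source, label)
PACKETS = [
    ("async1", "198.51.100.17", "normal traffic from async1"),
    ("async1", "192.0.2.99", "forged ICMP echo reply with spoofed source"),
    ("async2", "203.0.113.12", "traffic from behind the user's routed /29"),
    ("async2", "198.51.100.17", "spoofed source borrowing a neighbour's address"),
]


def permit(sessions, iface, src, prefix_aware=True):
    """Return True if src is a legitimate source for a packet arriving on iface.

    prefix_aware=False models a filter that only knows the user's assigned
    address; prefix_aware=True also honours every prefix dynamically routed to
    that session, which is what makes one-hop-up filtering harder to get right.
    """
    routed = [ipaddress.ip_network(p) for p in sessions.get(iface, [])]
    if not prefix_aware:
        routed = routed[:1]  # assigned address only
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in routed)


def filter_packets(packets, sessions, prefix_aware=True):
    """Split packets into (accepted, dropped) lists of their labels."""
    accepted, dropped = [], []
    for iface, src, label in packets:
        bucket = accepted if permit(sessions, iface, src, prefix_aware) else dropped
        bucket.append(label)
    return accepted, dropped


if __name__ == "__main__":
    for aware in (False, True):
        acc, drop = filter_packets(PACKETS, SESSIONS, prefix_aware=aware)
        print(f"prefix_aware={aware}: accepted={acc} dropped={drop}")
```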