[27264] in North American Network Operators' Group
Re: Fair Queuing combats DDoS? [was Re: Yahoo! Lessons Learned ]
daemon@ATHENA.MIT.EDU (Alex Bligh)
Thu Feb 10 16:59:24 2000
From: Alex Bligh <amb@gxn.net>
To: Alexei Roudnev <alex@genesyslab.com>
Cc: Alex Bligh <amb@gxn.net>, nanog@merit.edu
In-reply-to: Your message of "Thu, 10 Feb 2000 13:37:24 PST."
<Pine.GSO.4.21.0002101335440.25577-100000@stress.genesyslab.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Thu, 10 Feb 2000 21:49:37 +0000
Message-Id: <E12J1Sz-0001Cb-00@sapphire.noc.gxn.net>
Errors-To: owner-nanog-outgoing@merit.edu
alex@genesyslab.com said:
> No, the key issue is _frauded src addresses_. All others can be
> remedied easily.
In my opinion the issue is allowing the clueful to scalably protect
their networks against those of the clueless or fallible who do
not and will not deploy RPF nor secure their servers any time near
now. In the mean time, those who want to survive in the market place
better put their clue to use and work out how to protect their networks
without relying on the actions of others. This is roughly equivalent
to saying "lock your door" when you leave your house, rather than
complaining that "the *real* problem is actually thieves, and this is
what we need to fix".
In the words of Mr Bush, I want something for clueful people to
be able to type after "conf t". Asking people who probably aren't on this
mailing list and almost certainly don't understand the problem to
fix *their* network does not cut the mustard.
--
Alex Bligh
VP Core Network, Concentric Network Corporation
(formerly GX Networks, Xara Networks)
