[27292] in North American Network Operators' Group
Re: Fair Queuing combats DDoS? [was Re: Yahoo! Lessons Learned ]
daemon@ATHENA.MIT.EDU (NANOG Mailing List)
Fri Feb 11 00:19:30 2000
Date: Fri, 11 Feb 2000 00:16:40 -0500 (EST)
From: NANOG Mailing List <nanog@EnterZone.Net>
To: Randy Bush <randy@psg.com>
Cc: nanog@merit.edu
In-Reply-To: <E12J4p7-0005sv-00@rip.psg.com>
Message-ID: <Pine.LNX.3.96.1000211000542.31340A-100000@Overkill.EnterZone.Net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu
On Thu, 10 Feb 2000, Randy Bush wrote:
>
> > I want something for clueful people to be able to type after "conf
> > t". Asking people who probably aren't on this mailing list and almost
> > certainly don't understand the problem to fix *their* network does not cut
> > the mustard.
>
> e.g. the problem with the ddos attacks is that the pain is far removed from
> the enabling causes, thus severely weakening prophylactic motivations. two
> trends may help. as the pain is more universally felt, the motivation may
> spread. and i suspect that the inclination to peer with non-motivated isps
> may change.
>
> randy
>
At minimum, a hurt can be put on networks that are irresponsible/inane by
effectively blackholing them.

neighbor db.bad-networks.blah.someone.com remote-as blah-blah
neighbor db.bad-networks.blah.someone.com description DB of bad networks
neighbor db.bad-networks.blah.someone.com route-map blackhole in
neighbor db.bad-networks.blah.someone.com filter-list 2 out
!
route-map blackhole permit 10
 set ip next-hop 127.0.0.1
!

Suddenly being blackholed from those of us who don't wish to deal with
operators who won't/can't secure their network might actually get their
attention. Much the same as denying the entire APNIC allocation in
.htaccess substantially reduces CC fraud on e-commerce sites.

I know. It's akin to killing a fly with a sledge-hammer but sometimes
it's worth it.
--------------------------------------------
|Signature line included for Jay R Ashworth|
--------------------------------------------
John Fraizer
EnterZone, Inc
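
[Added example, not part of the original message or the author's code.] A small Python model of what the inbound route-map in the post does to forwarding: every prefix accepted from the feed peer is installed toward 127.0.0.1, and longest-prefix match then decides which destinations are dropped. The prefixes, next hops and function names are constructed for illustration, and preferring the feed route for an identical prefix is an assumption.

```python
import ipaddress

DISCARD = "127.0.0.1"  # next hop the post's route-map sets on feed routes

def build_rib(normal_routes, feed_prefixes):
    """Routing table as {network: next_hop}. Feed prefixes are installed
    toward DISCARD, as 'route-map blackhole' does on inbound updates."""
    rib = {ipaddress.ip_network(p): nh for p, nh in normal_routes.items()}
    # Assumption: for an identical prefix the feed route is preferred.
    rib.update({ipaddress.ip_network(p): DISCARD for p in feed_prefixes})
    return rib

def lookup(rib, dst):
    """Longest-prefix match: (network, next_hop), or None if no route."""
    addr = ipaddress.ip_address(dst)
    matches = [net for net in rib if addr in net]
    if not matches:
        return None
    best = max(matches, key=lambda net: net.prefixlen)
    return best, rib[best]

def is_blackholed(rib, dst):
    """True when the best route for dst points at the discard next hop."""
    hit = lookup(rib, dst)
    return hit is not None and hit[1] == DISCARD

# Constructed sample data (RFC 5737 documentation prefixes).
NORMAL_ROUTES = {
    "0.0.0.0/0": "203.0.113.1",          # default via upstream
    "198.51.100.128/25": "203.0.113.9",  # more-specific learned from a peer
}
FEED_PREFIXES = ["198.51.100.0/24"]      # network listed by the feed
RIB = build_rib(NORMAL_ROUTES, FEED_PREFIXES)

if __name__ == "__main__":
    for dst in ("198.51.100.10", "198.51.100.200", "192.0.2.5"):
        net, nh = lookup(RIB, dst)
        state = "DROPPED" if nh == DISCARD else "forwarded"
        print(f"{dst:<16} matches {str(net):<20} -> {nh:<12} {state}")
```

In this model a more-specific route learned from another peer still wins over the feed's covering prefix, so that traffic is forwarded rather than dropped; an operator relying on such a feed would need to check for those more-specifics.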