[32127] in North American Network Operators' Group
RE: Defeating DoS Attacks Through Accountability
daemon@ATHENA.MIT.EDU (Mark Mentovai)
Sat Nov 11 18:16:58 2000
From: "Mark Mentovai" <mark-list@mentovai.com>
Date: Sat, 11 Nov 2000 18:14:19 -0500 (EST)
To: Barry Raveendran Greene <bgreene@cisco.com>
Cc: nanog@merit.edu
In-Reply-To: <017501c04c28$e31aa170$4f01a8c0@bgreenent2.cisco.com>
Message-ID: <Pine.GSO.4.21.0011111809230.27889-100000@pine.ggn.net>

Barry Raveendran Greene wrote:
>> I'll put it this way: filtering should be done against blocks that a
>> customer can announce, not against blocks that a customer is actively
>> announcing. If you're filtering purely against current advertisements,
>> you're bound to break something sooner or later.
>
>Good theory. But what one public source do all the ISPs agree to validate the
>authority to announce?

Regional IP address allocating bodies - in other words, ARIN. If you aren't
listed as responsible for the block in question, you should either have the
information updated (SWIP or rwhois) or obtain written authorization from a
representative of the organization controlling the block. It's far from
perfect because enthusiasm for providing accurate data via SWIP and rwhois
doesn't really exist as it should, but it's probably the best anyone can
come up with. Perhaps putting SWIP and rwhois data to a good use such as
this would increase awareness of it and cause the databases to become more
appropriately populated.

Mark
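
The filtering approach discussed in this message, as an added example that is not part of the original post: a customer's filter is built from the blocks the registry lists it as responsible for, plus written authorizations signed by the organization the registry lists for the covering block. The organization names, the prefixes (documentation ranges) and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data; real input would come from SWIP/rwhois records
# and written authorizations kept on file.
REGISTRY = {  # prefix -> organization listed as responsible
    "192.0.2.0/24": "CUST-A",
    "198.51.100.0/24": "ORG-B",
    "203.0.113.0/24": "ORG-C",
}
LOAS = [  # (customer, prefix, organization that signed the authorization)
    ("CUST-A", "198.51.100.0/25", "ORG-B"),  # signer controls the covering block
    ("CUST-A", "203.0.113.0/25", "ORG-B"),   # signer does not control the block
]

def registry_holder(net, registry):
    """Org listed for the most specific registry block covering net, or None."""
    covering = [(ipaddress.ip_network(p), org) for p, org in registry.items()
                if net.subnet_of(ipaddress.ip_network(p))]
    if not covering:
        return None
    return max(covering, key=lambda c: c[0].prefixlen)[1]

def authorized_blocks(customer, registry, loas):
    """Blocks the customer CAN announce: its own records plus valid authorizations."""
    blocks = [ipaddress.ip_network(p) for p, org in registry.items()
              if org == customer]
    for cust, prefix, signer in loas:
        net = ipaddress.ip_network(prefix)
        # Accept an authorization only if the registry lists the signer
        # as responsible for the block it covers.
        if cust == customer and registry_holder(net, registry) == signer:
            blocks.append(net)
    return list(ipaddress.collapse_addresses(blocks))

def permitted(prefix, allowed):
    """Accept an announcement that falls inside any authorized block."""
    net = ipaddress.ip_network(prefix)
    return any(net.subnet_of(block) for block in allowed)

def permitted_by_current(prefix, currently_announced):
    """Filter built only from what is announced right now, for comparison."""
    return prefix in currently_announced

if __name__ == "__main__":
    allowed = authorized_blocks("CUST-A", REGISTRY, LOAS)
    for p in ("192.0.2.128/25", "198.51.100.0/25", "203.0.113.0/25"):
        print(p, "accept" if permitted(p, allowed) else "reject")
```

The comparison function shows the breakage the quoted text describes: a block the customer is authorized for but not yet announcing passes `permitted` and fails `permitted_by_current`.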