[34022] in North American Network Operators' Group
Re: Proactive steps to prevent DDOS?
daemon@ATHENA.MIT.EDU (Alex Pilosov)
Sat Jan 27 00:41:56 2001
Date: Sat, 27 Jan 2001 00:42:20 -0500 (EST)
From: Alex Pilosov <alex@pilosoft.com>
To: Adam Rothschild <asr@latency.net>
Cc: Sean Donelan <sean@donelan.com>, nanog@merit.edu
In-Reply-To: <20010126230606.A68185@og.latency.net>
Message-ID: <Pine.BSO.4.10.10101270038270.10437-100000@spider.pilosoft.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu
On Fri, 26 Jan 2001, Adam Rothschild wrote:
> What's to prevent high-visibility shell/IRC/web/etc servers (read:
> DDoS targets) from announcing their netblocks to their upstreams, and
Read: DDoS targets which bring no cash revenue, essentially loss-leaders.
That doesn't quite work when ebay.com is being DDoSed (uh, guys, we
fixed the problem, you can now browse, but, sorry, we withdrew the route
to our production server to accomplish that).
> This doesn't need to be a costly endeavor. Zebra is perfectly stable
> when receiving no routes, and announcing a couple of networks at the
> most. You'll find that lots of folks who have legacy class C (or B
> even!) and AS number assignments they're not currently using, dating
> back to before the ARIN charged for such things, are more than willing
> to transfer/lend them to you when you ask politely. Don't believe me?
> Try it sometime.
Tried that, didn't have much luck. Possibly, eventually, when we'll have
clearinghouse for IPs, and most likely old swamp IPs would have far higher
valuations than just regular PI netblocks...
-alex
