[38225] in North American Network Operators' Group
Re: engineering --> ddos and flooding
daemon@ATHENA.MIT.EDU (Joel Jaeggli)
Thu May 31 21:22:07 2001
Date: Thu, 31 May 2001 18:21:19 -0700 (PDT)
From: Joel Jaeggli <joelja@darkwing.uoregon.edu>
To: <horape@tinuviel.compendium.net.ar>
Cc: Andrew Dorsett <zerocool@netpath.net>, <nanog@merit.edu>
In-Reply-To: <20010531204913.E26407@tinuviel.compendium.net.ar>
Message-ID: <Pine.LNX.4.33.0105311806230.12790-100000@twin.uoregon.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu
On Thu, 31 May 2001 horape@tinuviel.compendium.net.ar wrote:
>
> Why should it be so great deal? It should allow me only to add filters on
> the traffic that is destined to me, not arbitrary filters...
>
Filters have a non-zero impact on cpu overhead. Where they end up in the
forwarding path could negativly affect your upstream or other routers in a
fashion that's signficantly worse than the attack on you affects them...
The potential for someone at isp B to do engineering on the way that
traffic from isp A's customers flow to isp B on isp A's routers ought to
be fairly disturbing to most folks. Normally that's something that both
parties have to agree on first.
