[47832] in North American Network Operators' Group
Re: Arbor Networks DoS defense product
daemon@ATHENA.MIT.EDU (Clayton Fiske)
Wed May 15 21:44:39 2002
Date: Wed, 15 May 2002 18:44:08 -0700
From: Clayton Fiske <clay@bloomcounty.org>
To: nanog@merit.edu
Message-ID: <20020515184408.F28685@bloomcounty.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
In-Reply-To: <20020516012515.GE2239@elvander.otherlands.net>; from briareos@otherlands.net on Wed, May 15, 2002 at 06:25:15PM -0700
Errors-To: owner-nanog-outgoing@merit.edu
On Wed, May 15, 2002 at 06:25:15PM -0700, PJ wrote:
> Granted. However, the suggestion to place said host/network into some
> sort of BGP black hole, has it's problems. The community has a whole
Keep in mind that this would be a subscription service. It's not as
though the route would be announced to the entire net. If you're not
comfortable with it, don't use it on your network (or change upstreams,
if they're using it).
> already has an idea of which networks have an greater precentage of
> attacks originating from it, an alert is fine, a pre-emptive strike in
> the absence of an actual attack is not.
It's not permanent. There clearly would need to be some means of
human intervention by which an entry can be removed. At worst, a
compromised host is blackholed which will get someone's attention.
At best, it is prevented from contributing to attacks.
-c
