[49565] in North American Network Operators' Group
Re: Internet vulnerabilities
daemon@ATHENA.MIT.EDU (Marshall Eubanks)
Thu Jul 4 19:49:22 2002
From: "Marshall Eubanks" <tme@multicasttech.com>
To: Paul Vixie <vixie@vix.com>, nanog@merit.edu
Date: Thu, 04 Jul 2002 19:46:42 -0400
In-Reply-To: <g3r8ijqqgg.fsf@as.vix.com>
Errors-To: owner-nanog-outgoing@merit.edu
On 04 Jul 2002 11:48:47 -0700
Paul Vixie <vixie@vix.com> wrote:
>
> mike@sentex.net (Mike Tancsa) writes:
>
> > ... Still, I think the softest targets are the root name servers. I was
> > glad to hear at the Toronto NANOG meeting that this was being looked into
> > from a routing perspective. Not sure what is being done from a DoS
> > perspective.
>
> Now that we've seen enough years of experience from Genuity.orig, UltraDNS,
> Nominum, AS112, and {F,K}.root-servers.net, we're seriously talking about
> using
> anycast for the root server system. This is because a DDoS isn't just
> against
> the servers, but against the networks leading to them. Even if we provision
> for a trillion packets per second per root server, there is no way to get
> the whole Internet, which is full of Other People's Networks, provisioned at
> that level. Wide area anycast, dangerous though it can be, works around
> that.
>
Is this the anycast based on MSDP ?
Regards
Marshall Eubanks
> See www.as112.net for an example of how this might work. "More later."
> --
> Paul Vixie
