[53151] in North American Network Operators' Group
Re: ICANN Targets DDoS Attacks
daemon@ATHENA.MIT.EDU (alok)
Mon Nov 4 09:33:44 2002
From: "alok" <alok.dube@apara.com>
To: <cjclark@alum.mit.edu>, <Valdis.Kletnieks@vt.edu>
Cc: <nanog@merit.edu>
Date: Mon, 4 Nov 2002 20:11:54 +0530
Errors-To: owner-nanog-outgoing@merit.edu
is any active working group persuing this matter seriously?
-rgds
Alok
----- Original Message -----
From: alok <alok.dube@apara.com>
To: <cjclark@alum.mit.edu>; <Valdis.Kletnieks@vt.edu>
Sent: Saturday, November 02, 2002 4:26 AM
Subject: Re: ICANN Targets DDoS Attacks
>The first, dropping broadcasts destined to your customers, is possibly
>doable, but not trivial.
------> IGP learnt networks .. a small tweaky bit which learns broadcast
addresses via the networks in the IGP wud help (again summarization wud make
it bad)
>The second, catching all broadcasts coming
>in, out, or just passing through, is pretty much impossible.
-----> a very small percentage cud be blocked if u were willing to link this
to BGP learnt networks..at least those are "complete networks", not
subnetted....
ofcourse its a very small portion, mebbe u cud ask guys to send more
specific BGP routes from now....
-A
