[53152] in North American Network Operators' Group
Re: ICANN Targets DDoS Attacks
daemon@ATHENA.MIT.EDU (bmanning@vacation.karoshi.com)
Mon Nov 4 11:42:32 2002
From: bmanning@vacation.karoshi.com
To: alok.dube@apara.com (alok)
Date: Mon, 4 Nov 2002 15:47:32 -0800 (PST)
Cc: cjclark@alum.mit.edu, Valdis.Kletnieks@vt.edu, nanog@merit.edu
In-Reply-To: <00c101c28410$55663520$35b1c5cb@alok> from "alok" at Nov 04, 2002 08:11:54 PM
Errors-To: owner-nanog-outgoing@merit.edu
yes. this is a topic of active discussion within
the RSSAC.
>
>
> is any active working group persuing this matter seriously?
>
> -rgds
> Alok
> ----- Original Message -----
> From: alok <alok.dube@apara.com>
> To: <cjclark@alum.mit.edu>; <Valdis.Kletnieks@vt.edu>
> Sent: Saturday, November 02, 2002 4:26 AM
> Subject: Re: ICANN Targets DDoS Attacks
>
>
>
>
> >The first, dropping broadcasts destined to your customers, is possibly
> >doable, but not trivial.
>
> ------> IGP learnt networks .. a small tweaky bit which learns broadcast
> addresses via the networks in the IGP wud help (again summarization wud make
> it bad)
>
> >The second, catching all broadcasts coming
> >in, out, or just passing through, is pretty much impossible.
>
> -----> a very small percentage cud be blocked if u were willing to link this
> to BGP learnt networks..at least those are "complete networks", not
> subnetted....
>
> ofcourse its a very small portion, mebbe u cud ask guys to send more
> specific BGP routes from now....
>
> -A
>
>
>
>
>
