[53163] in North American Network Operators' Group
Re: ICANN Targets DDoS Attacks
daemon@ATHENA.MIT.EDU (alok)
Mon Nov 4 15:31:02 2002
From: "alok" <alok.dube@apara.com>
To: <bmanning@beguile.ip4.int>,
"David Conrad" <david.conrad@nominum.com>
Cc: <bmanning@vacation.karoshi.com>, <cjclark@alum.mit.edu>,
<Valdis.Kletnieks@vt.edu>, "nanog" <nanog@merit.edu>
Date: Tue, 5 Nov 2002 02:07:31 +0530
Errors-To: owner-nanog-outgoing@merit.edu
Hi,
{ this is one "snappy" mailing list :o) }......
I meant, where can I find the people bouncing ideas on this topic....
-rgds
Alok
----- Original Message -----
From: <bmanning@beguile.ip4.int>
To: David Conrad <david.conrad@nominum.com>
Cc: <bmanning@vacation.karoshi.com>; alok <alok.dube@apara.com>;
<cjclark@alum.mit.edu>; <Valdis.Kletnieks@vt.edu>; nanog <nanog@merit.edu>
Sent: Tuesday, November 05, 2002 5:58 AM
Subject: Re: ICANN Targets DDoS Attacks
ok, so i exploited the ambiguity in the original question.
wrt "active" - there is a sub-group from within the RSSAC
members that seems to be exchanging email on a regular basis
on various response vectors to either diffuse an attack (anycast)
or repel an attack (rate-limits).
On Mon, Nov 04, 2002 at 09:08:44AM -0800, David Conrad wrote:
> Just to be clear:
>
> (a) RSSAC is not an IETF working group. It is an ICANN thing and not open
> to the public (last I heard)
>
> (b) "active" in this context must be using a definition of that term that
> I'm unfamiliar with.
>
> Rgds,
> -drc
>
> On 11/4/02 3:47 PM, "bmanning@vacation.karoshi.com"
> <bmanning@vacation.karoshi.com> wrote:
>
> >
> >
> > yes. this is a topic of active discussion within
> > the RSSAC.
> >
> >
> >>
> >>
> >> is any active working group persuing this matter seriously?
> >>
> >> -rgds
> >> Alok
> >> ----- Original Message -----
> >> From: alok <alok.dube@apara.com>
> >> To: <cjclark@alum.mit.edu>; <Valdis.Kletnieks@vt.edu>
> >> Sent: Saturday, November 02, 2002 4:26 AM
> >> Subject: Re: ICANN Targets DDoS Attacks
> >>
> >>
> >>
> >>
> >>> The first, dropping broadcasts destined to your customers, is possibly
> >>> doable, but not trivial.
> >>
> >> ------> IGP learnt networks .. a small tweaky bit which learns
broadcast
> >> addresses via the networks in the IGP wud help (again summarization wud
make
> >> it bad)
> >>
> >>> The second, catching all broadcasts coming
> >>> in, out, or just passing through, is pretty much impossible.
> >>
> >> -----> a very small percentage cud be blocked if u were willing to link
this
> >> to BGP learnt networks..at least those are "complete networks", not
> >> subnetted....
> >>
> >> ofcourse its a very small portion, mebbe u cud ask guys to send more
> >> specific BGP routes from now....
> >>
> >> -A
> >>
> >>
> >>
> >>
> >>
> >
