[60247] in North American Network Operators' Group
Re: WANTED: ISPs with DDoS defense solutions
daemon@ATHENA.MIT.EDU (bdragon@gweep.net)
Mon Aug 4 19:03:58 2003
To: jared@puck.Nether.net (Jared Mauch)
Date: Mon, 4 Aug 2003 19:02:00 -0400 (EDT)
Cc: nanog@nanog.org
In-Reply-To: <20030804214526.GM32100@puck.nether.net> from "Jared Mauch" at Aug 04, 2003 05:45:26 PM
From: bdragon@gweep.net
Errors-To: owner-nanog-outgoing@merit.edu
> On Mon, Aug 04, 2003 at 05:28:07PM -0400, bdragon@gweep.net wrote:
> >
> > > I'm all for raising the bar on attackers and having end networks implement
> > > proper source filtering, but even with that 1000 nt machines pinging 2
> > > packet per second is still enough to destroy a T1 customer, and likely
> > > with 1500 byte packets a T3 customer as well. You can't stop this without
> > > addressing the host security problem...
> >
> > Do you believe backbone networks should do nothing?
>
> I'm not sure what you are saying here, backbones do do
> something, the problem is that it's easy to fill up a T1. *really* easy.
I was asking about Chris's use of "having end networks implement
proper source filtering" implying that backbones should not do so.
