[61567] in North American Network Operators' Group
Re: What do you want your ISP to block today?
daemon@ATHENA.MIT.EDU (Christopher L. Morrow)
Sat Aug 30 02:51:17 2003
Date: Sat, 30 Aug 2003 06:49:42 +0000 (GMT)
From: "Christopher L. Morrow" <chris@UU.NET>
To: Iljitsch van Beijnum <iljitsch@muada.com>
Cc: Sean Donelan <sean@donelan.com>, NANOG <nanog@merit.edu>
In-Reply-To: <ED3FBD1B-DAB3-11D7-B146-00039388672E@muada.com>
Errors-To: owner-nanog-outgoing@merit.edu
On Sat, 30 Aug 2003, Iljitsch van Beijnum wrote:
>
> What would be great though is a system where there is an automatic
> check to see if there is any return traffic for what a customer sends
> out. If someone keeps sending traffic to the same destination without
> anything coming back, 99% chance that this is a denial of service
> attack. If someone sends traffic to very many destinations and in more
> than 50 or 75 % of the cases nothing comes back or just an ICMP port
> unreachable or TCP RST, 99% chance that this is a scan of some sort.
>
No... I have one T1 to Sprint and one T1 to AT&T, I think my AT&T bill
will be high this month so I stop sending OUT AT&T and only accept
traffic, all my traffic in that link... So now I push OUT sprint and IN
AT&T. I don't want sprint to kill my connection just because all traffic
to me is entering AT&T do I?
