[64739] in North American Network Operators' Group
RE: more on filtering
daemon@ATHENA.MIT.EDU (Ray Burkholder)
Fri Oct 31 14:22:24 2003
Reply-To: <ray@oneunified.net>
From: "Ray Burkholder" <ray@oneunified.net>
To: "'Matthew Kaufman'" <matthew@eeph.com>,
"'Alex Yuriev'" <alex@yuriev.com>
Cc: "'Greg Maxwell'" <gmaxwell@martin.fl.us>,
"'Chris Parker'" <cparker@starnetusa.net>, <nanog@merit.edu>
Date: Fri, 31 Oct 2003 14:16:18 -0500
In-Reply-To: <007901c39fdc$c03d2500$0200b3cd@matthewdesk>
Errors-To: owner-nanog-outgoing@merit.edu
>=20
> Even if I had an all-Juniper network, I'd still need to=20
> decide what to do
> about DDOS attacks... Do I just call my circuit vendors and=20
> keep adding
> OC48s until the problem goes away?
>=20
But isn't this just trying to put a square peg into a round hole? Wouldn't
it be better to let routers route, switches switch, and filter boxen filter?
I know people like to have routers talk directly to each other, but there
are certain high capacity upper layer filter boxen out there that, when
inserted into the link, can handle this nastiness, so a router doesn't
over-work its designed-to-be-lazy processor.
--=20
Scanned for viruses and dangerous content at=20
http://www.oneunified.net and is believed to be clean.
