[6572] in North American Network Operators' Group
Re: NAP/ISP Saturation WAS: Re: Exchanges that matter...
daemon@ATHENA.MIT.EDU (Avi Freedman)
Fri Dec 20 17:17:12 1996
From: Avi Freedman <freedman@netaxs.com>
To: amb@xara.net (Alex.Bligh)
Date: Fri, 20 Dec 1996 17:04:50 -0500 (EST)
Cc: tli@jnx.com, amb@xara.net, david@sparks.net, nanog@merit.edu
In-Reply-To: <199612202200.WAA26065@diamond.xara.net> from "Alex.Bligh" at Dec 20, 96 10:00:24 pm
> > I think that there's some lack of clarity on the problem here. Anyone can
> > stream packets at ANY router and take it down. If it's not ICMP, you can
> > simply forge routing protocol packets. It's a question of simply
> > supersaturating the system. To truly deal with DoS attacks, there are
> > basically three approaches:
>
> Indeed. For instance SYN-flood the BGP port.
Won't work easily.
On Criscos, the queue is per peer, not per port..
Avi
