[68234] in North American Network Operators' Group
Re: UUNet Offer New Protection Against DDoS
daemon@ATHENA.MIT.EDU (Christopher L. Morrow)
Sat Mar 6 01:13:38 2004
Date: Sat, 6 Mar 2004 06:12:48 +0000 (GMT)
From: "Christopher L. Morrow" <christopher.morrow@mci.com>
To: Dan Hollis <goemon@anime.net>
Cc: "Christopher L. Morrow" <christopher.morrow@mci.com>,
Steve Francis <steve@expertcity.com>,
"Terranson, Alif" <Alif.Terranson@savvis.net>, nanog@merit.edu
In-Reply-To: <Pine.LNX.4.44.0403051611030.7917-100000@sasami.anime.net>
Errors-To: owner-nanog-outgoing@merit.edu
On Fri, 5 Mar 2004, Dan Hollis wrote:
> On Fri, 5 Mar 2004, Christopher L. Morrow wrote:
> > the packets as possible. Nebulous filtering and dropping of miniscule
> > amounts of traffic in the core of a large network is just a waste of
> > effort and false panacea.
>
> uunet does operate lots of dialup RAS though correct? any reason why urpf
> is not reasonable there?
For some sure, for others perhaps not :( We have some customers with
dedicated networks over dial, some with dial-backup and even some with dsl
backup.
>
> just because its not perfect and doesnt solve every problem doesnt mean
> its useless.
>
Sure, I'm just not really sure that the core is the right place to do
this... I agree that the edge is a fine place, I'd prefer not my edge :)
but the edge is the right place. You can make all the decisions correctly
there, you can not in the core.
> miniscule amounts of traffic in uunet's core is still enough to ddos many
> a victim into oblivion. anyone who has been ddos'd by uunet customers can
> appreciate that.
miniscule is enough to cause problems in anyone's network.... the point
here was: "Core isn't the right place for this" I wasn't really trying to
argue the 'urpf is good' or 'urpf is bad' arguement, just the placement.
Sorry if I made that confusing earlier.
--Chris
(formerly chris@uu.net)
#######################################################
## UUNET Technologies, Inc. ##
## Manager ##
## Customer Router Security Engineering Team ##
## (W)703-886-3823 (C)703-338-7319 ##
#######################################################
