[71009] in North American Network Operators' Group
Re: Real-Time Mitigation of Denial of Service Attacks Now
daemon@ATHENA.MIT.EDU (Erik Haagsman)
Fri Jun 4 10:14:48 2004
From: Erik Haagsman <erik@we-dare.net>
Reply-To: erik@we-dare.net
To: Jeff Aitken <jaitken@aitken.com>
Cc: "Jon R. Kibler" <Jon.Kibler@aset.com>, nanog@merit.edu
In-Reply-To: <1086357990.8543.21.camel@thanos.we-dare.net>
Date: Fri, 04 Jun 2004 16:12:13 +0200
Errors-To: owner-nanog-outgoing@merit.edu
> True, but no-one is saying the entire network should be done in one fell
> swoop. Eventually, larger companies WILL have to replace outdated
> components and when they do they can replace them and at the same time
> make sure ACL's or uBRF
uRPF even..weird typo
> or whatever you use is in place. And before
> that, you could at least make sure your newer equipment that CAN easily
> take ACLs is properly configured. Currently most larger companies do
> neither, always pointing out the cost of doing a huge network wide
> upgrade that in actuality no-one is expecting them to do. Even if only a
> percentage of a large ISP's network (especially xDSL and HFC services)
> is properly configured, it'll save a lot of grief, cutting maintenance
> cost for the ISP itself as well as causing less headaches for other
> companies. And over time you just gradually update parts where you're
> replacing equipment that's at the end of it's lifecycle anyway.
>
>
> Cheers,
--
---
Erik Haagsman
Network Architect
We Dare BV
tel: +31(0)10 7507008
fax:+31(0)10 7507005
http://www.we-dare.nl
