[93052] in North American Network Operators' Group
Re: register.com down sev0?
daemon@ATHENA.MIT.EDU (Fergie)
Thu Oct 26 01:17:24 2006
From: "Fergie" <fergdawg@netzero.net>
Date: Thu, 26 Oct 2006 05:11:14 GMT
To: patrick@ianai.net
Cc: nanog@merit.edu, patrick@ianai.net
Errors-To: owner-nanog@merit.edu
I don't want to detract from the heat of this discussion, as
important as it is, but it (the discussion) illustrates a point
that RIPE has recognized -- and is actively perusing -- yet, ISPs
on this continent seem consistently to ignore: The consistent
implementation of BCP 38.
It is nothing less than irresponsible, IMO...
Why _is_ that?
- ferg
-- "Patrick W. Gilmore" <patrick@ianai.net> wrote:
[snip]
There is no single "appropriately[sic] place" which can absorb =
50Mpps. If you meant "appropriately placed" (as in topologically =
dispersed locations), a well crafted attack could still guarantee _at =
least_ a partial DoS from an end user PoV.
It is essentially impossible to distinguish end-user requests from =
(im)properly created DoS packets (especially until BCP38 is widely =
adopted - i.e. probably never). Since there is no single place - no =
13 places - which can withstand a well crafted DoS, you are =
guaranteed that some users will not be able to reach any of your =
listed authorities.
This is not speculation, this is fact. All a good provider can do, =
even with 1000s of server, is minimize the impact of any DoS.
[snip]
--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg(at)netzero.net
ferg's tech blog: http://fergdawg.blogspot.com/
