North American Network Operators Group

Re: SYN floods (was: does history repeat itself?)
At 09:08 PM 9/9/96 -0400, Avi Freedman wrote:
>This is *exactly* the right thing to do; every provider which does
>not provide complicated transit (which excludes even certain regionals,
>alas) should do this at their borders if they don't do it at each customer
>connect.
>
>And everyone should at least filter on each customer 56k/t1/etc...
>I know router cycles are tight but it might *really* become
>imperative...

Am I missing something.... If I am announcing a network via BGP I am more or less agreeing to carry traffic for it. If I am not I am not. Therefore, if I filter based on my outbound BGP announcements and do not allow any packets which have a source address not originating from a network in my BGP announcements then I should not be causing any harm to the networks which I am providing connectivity to. This has the added benefit of stopping people from defaulting into me at exchange points as I will not carry that traffic across my backbone.

I'd love to hear the holes in this theory.

Justin Newton
Internet Architect
Erol's Internet Services
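The source-address filter proposed in the message above, sketched as an added example that is not part of the original post: it collapses a list of outbound BGP announcements into a permit list, renders it as ACL lines, and classifies packets by source address. The prefixes and packets are constructed samples from documentation ranges, the function names are hypothetical, and the Cisco IOS extended-ACL output format is an assumption, since the post names no router platform.

```python
import ipaddress

# Constructed sample data (documentation ranges), not taken from the post.
ANNOUNCED = ["192.0.2.0/25", "192.0.2.128/25", "198.51.100.0/24"]
PACKETS = [  # (source, destination) pairs
    ("192.0.2.77", "203.0.113.5"),
    ("198.51.100.200", "203.0.113.5"),
    ("10.1.2.3", "203.0.113.5"),
    ("203.0.113.99", "203.0.113.5"),
]

def build_filter(announced):
    """Collapse the outbound announcements into a minimal permit list."""
    nets = [ipaddress.ip_network(p, strict=True) for p in announced]
    return list(ipaddress.collapse_addresses(nets))

def source_permitted(permit_list, src):
    """True if the source address falls inside an announced network."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in permit_list)

def acl_lines(permit_list, number=101):
    """Render the permit list as extended-ACL lines (assumed IOS syntax)."""
    lines = [
        f"access-list {number} permit ip {n.network_address} {n.hostmask} any"
        for n in permit_list
    ]
    lines.append(f"access-list {number} deny ip any any")
    return lines

def classify(permit_list, packets):
    """Split packets into (forwarded, dropped) by source address."""
    forwarded, dropped = [], []
    for src, dst in packets:
        bucket = forwarded if source_permitted(permit_list, src) else dropped
        bucket.append((src, dst))
    return forwarded, dropped

if __name__ == "__main__":
    permit = build_filter(ANNOUNCED)
    print("\n".join(acl_lines(permit)))
    fwd, drop = classify(permit, PACKETS)
    print("forwarded:", fwd)
    print("dropped:  ", drop)
```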