North American Network Operators Group


Re: Yahoo! Lessons Learned

  • From: Daniel Senie
  • Date: Tue Feb 08 23:05:50 2000

"K. Graham" wrote:
> 
> On 8 Feb 2000, Sean Donelan wrote:
> 
> > Date: 8 Feb 2000 03:25:36 -0800
> > From: Sean Donelan <[email protected]>
> > To: [email protected]
> > Subject: Yahoo! Lessons Learned
> >
> >
> > As much as I enjoy finding out about Yahoo & GlobalCenter issues by
> > reading the newswires, I wonder if there are any lessons we can learn
> > from these events.  Or was this not big enough to get attention of
> > upper management?
> 
> Possibly.
> 
> >
> > Was there something Yahoo!, GlobalCenter or other providers could
> > have done, either individually or in cooperation, to prevent the
> > problem?
> >
> 
> Yes.
> One of the emails sent in mentioned that a network they work with or
> for was being utilized as an amplifier.  Each network that has
> gateway routers should ensure that they disallow IP broadcasts.

Please refer to RFC2644/BCP34 on the subject of directed broadcasts.
This RFC recommends router vendors disable directed broadcasts by
default. It also recommends ISPs disable directed broadcast on ALL
routers. In light of the recent events, it would be good to see a
concerted effort made by everyone to ensure this has been done.

Of course as Paul has mentioned, we wrote RFC 2267 several years ago to
address this very issue. I strongly encourage folks to take a hard look
at ingress filtering. Hardware vendors have implemented features in
dialup servers and routers which can help.

While implementing these measures may not directly benefit your network,
doing so may thwart an attack against someone else's net. Tomorrow, the
roles could be reversed. As with many areas of managing the Internet,
cooperation is key.

-- 
-----------------------------------------------------------------
Daniel Senie                                        [email protected]
Amaranth Networks Inc.            http://www.amaranthnetworks.com
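
The two checks recommended in the message above, RFC 2267 ingress filtering and the RFC 2644 directed-broadcast drop, written out as an added Python example (not part of the original post and not any vendor's implementation). The interface names and prefixes are constructed for illustration and use documentation address ranges.

```python
import ipaddress

# Constructed example data: prefixes delegated to each customer-facing
# interface, and the subnets directly attached to this router.
CUSTOMER_PREFIXES = {
    "cust-a": [ipaddress.ip_network("192.0.2.0/25")],
    "cust-b": [ipaddress.ip_network("198.51.100.0/24")],
}
CONNECTED_SUBNETS = [ipaddress.ip_network("203.0.113.0/26")]


def ingress_permitted(iface, src):
    """RFC 2267: accept a packet arriving on a customer interface only if
    its source address lies inside a prefix delegated to that customer.
    An interface with no known prefixes permits nothing (fail closed)."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in CUSTOMER_PREFIXES.get(iface, []))


def is_directed_broadcast(dst):
    """RFC 2644: the destination is the broadcast address of a directly
    connected subnet. /31 and /32 networks have no broadcast address."""
    addr = ipaddress.ip_address(dst)
    return any(
        net.prefixlen < 31 and addr == net.broadcast_address
        for net in CONNECTED_SUBNETS
    )


def forward_decision(iface, src, dst):
    """Apply the source check first, then the directed-broadcast check."""
    if not ingress_permitted(iface, src):
        return "drop-ingress"
    if is_directed_broadcast(dst):
        return "drop-directed-broadcast"
    return "forward"


if __name__ == "__main__":
    # Constructed sample packets: (arrival interface, source, destination)
    samples = [
        ("cust-a", "192.0.2.10", "198.51.100.7"),    # legitimate traffic
        ("cust-a", "198.51.100.7", "203.0.113.63"),  # forged source address
        ("cust-a", "192.0.2.10", "203.0.113.63"),    # valid source, broadcast dst
    ]
    for iface, src, dst in samples:
        print(iface, src, "->", dst, ":", forward_decision(iface, src, dst))
```

The second sample is dropped at the customer edge before the broadcast check is reached, which is the point made in the message: the filter protects someone else's network, not the one applying it.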