North American Network Operators Group

Re: Fair Queuing combats DDoS? [was Re: Yahoo! Lessons Learned ]
On Thu, 10 Feb 2000, Randy Bush wrote:

>
> > I want something for clueful people to be able to type after "conf
> > t". Asking people who probably aren't on this mailing list and almost
> > certainly don't understand the problem to fix *their* network does not cut
> > the mustard.
>
> e.g. the problem with the ddos attacks is that the pain is far removed from
> the enabling causes, thus severely weakening prophylactic motivations. two
> trends may help. as the pain is more universally felt, the motivation may
> spread. and i suspect that the inclination to peer with non-motivated isps
> may change.
>
> randy
>

At minimum, a hurt can be put on networks that are irresponsible/inane by
effectively blackholing them.

neighbor db.bad-networks.blah.someone.com remote-as blah-blah
neighbor db.bad-networks.blah.someone.com description DB of bad networks
neighbor db.bad-networks.blah.someone.com route-map blackhole in
neighbor db.bad-networks.blah.someone.com filter-list 2 out
!
route-map blackhole permit 10
 set ip next-hop 127.0.0.1
!

Suddenly being blackholed from those of us who don't wish to deal with
operators who won't/can't secure their network might actually get their
attention.

Much the same as denying the entire APNIC allocation in .htaccess
substantially reduces CC fraud on e-commerce sites.

I know. It's akin to killing a fly with a sledge-hammer but sometimes it's
worth it.

--------------------------------------------
|Signature line included for Jay R Ashworth|
--------------------------------------------
John Fraizer
EnterZone, Inc
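
Added example, not part of the original post: a pre-import check for prefixes received from a third-party blackhole feed like the one described above, so that a single feed entry cannot drop your own address space or an overly large block. The protected prefixes, the /16 limit and the sample feed are assumptions constructed for illustration.

```python
import ipaddress

# Assumed local policy (hypothetical values, not from the post):
# prefixes that must never be blackholed, and the broadest entry tolerated.
PROTECTED = [ipaddress.ip_network(p) for p in ("192.0.2.0/24", "198.51.100.0/24")]
MIN_PREFIXLEN = 16  # refuse anything broader than a /16

# Constructed sample of what the blackhole feed might announce.
SAMPLE_FEED = [
    "203.0.113.0/24",
    "10.0.0.0/8",
    "192.0.2.128/25",
    "0.0.0.0/0",
    "203.0.113.64/26",
    "not-a-prefix",
    "198.18.0.0/15",
]

def vet_feed(prefixes, protected=PROTECTED, min_len=MIN_PREFIXLEN):
    """Return (accepted networks, [(raw entry, rejection reason), ...])."""
    accepted, rejected = [], []
    for raw in prefixes:
        try:
            net = ipaddress.ip_network(raw, strict=True)
        except ValueError:
            rejected.append((raw, "malformed"))
            continue
        if net.prefixlen < min_len:
            rejected.append((raw, "too broad"))
        elif any(net.overlaps(p) for p in protected):
            rejected.append((raw, "overlaps protected"))
        elif net not in accepted:
            accepted.append(net)
    return accepted, rejected

def blast_radius(networks):
    """Number of distinct addresses that would be dropped if these were installed."""
    return sum(n.num_addresses for n in ipaddress.collapse_addresses(networks))

if __name__ == "__main__":
    ok, bad = vet_feed(SAMPLE_FEED)
    for net in ok:
        print("accept", net)
    for raw, reason in bad:
        print("reject", raw, "-", reason)
    print("addresses blackholed:", blast_radius(ok))
```
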