North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Inter-provider communications (Re: nobody @home)

  • From: Dan Hollis
  • Date: Mon Jan 22 02:21:38 2001

On Mon, 22 Jan 2001, Vijay Gill wrote:
> >From what I can manage to make out of the thread, the impression I get is
> that people seem to believe that the Tier 1 (what constitutes a tier 1
> anyway in todays world?) just needs to throw a switch and turn off a Ddos
> attack, but that they are too lazy to flip it.
> Also please realize that just turning off someone's circuit because some
> j. random person called up and claimed it was sourcing a DDoS attack is
> often prohibited by policy at various networks, and an exception must be
> made by senior mgmt in the chain.  If every noc just started to turn off
> interfaces because of a phone call, the results are easy to imagine.

Well, let's take a better example, smurf amps.

I have some personal horror stories about running around in circles
getting tier1s to turn off their smurf amps originating from their own
routers or customers. Eg tier1 router was a smurf amp, it was smurfing, it
could be easily verified to smurf, but they would not disable the smurf
amp because it would have a "negative impact" on their customers. The
fact it was being actively used as a smurf amp didnt seem to matter to them.

This was in fact a case of "just flip a switch and turn off the attack".

I'm sure others on this list have their share of horror stories as well.

The hoops the public had to jump through the past couple years to get
tier1s to turn off their smurf amps is mind boggling. And there are
tier1s who are *still* actively running smurf amps in their cores.

I'm actually suprised noone has filed lawsuits over this. Or maybe someone
did and I missed it.

-Dan