North American Network Operators Group

peering requirements (Re: DDOS anecdotes)

  • From: Paul Vixie
  • Date: Sat Jun 23 15:08:59 2001

> ... but I do not blame their IP stack for this like Mr Gibson does though.

Same here.

> ... From spoofed sources because ISPs do not source address filter?
> Gah. Basically untraceable.

This is the problem.

> What should we do?

Recommendation: upgrade your peering requirements to include language like:

	Each peer agrees to emit only IP packets with accurate
	source addresses, to require their customers to do likewise,
	and to extend this requirement to all other peers by $DATE.

Where DATE = (now() + '6 months') or some other negotiated value.

I've been saying this since 1993.  Is anybody ready to believe me yet?  We
solve this, or our industry stops growing because we're spending too much
time dealing with this problem and new customers see diminished returns.
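
Added example, not part of the original message: a sketch of the source address check the proposed peering language asks each network to enforce where customer traffic enters it. Port names, prefixes, the traffic sample and all function names are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample data: prefixes assigned to each customer-facing port.
# Port names are hypothetical; prefixes are documentation ranges.
ASSIGNED = {
    "cust-a": ["192.0.2.0/24", "2001:db8:a::/48"],
    "cust-b": ["198.51.100.0/25"],
}

def build_table(assigned):
    """Parse prefix strings once into network objects, keyed by port."""
    return {port: [ipaddress.ip_network(p) for p in prefixes]
            for port, prefixes in assigned.items()}

def source_is_accurate(table, port, src):
    """True if src lies inside a prefix assigned to the port it arrived on."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # unparseable source address: treat as not accurate
    return any(addr.version == net.version and addr in net
               for net in table.get(port, []))

def filter_packets(table, packets):
    """Split (port, src) pairs into a forwarded list and per-port drop counts."""
    forwarded, dropped = [], Counter()
    for port, src in packets:
        if source_is_accurate(table, port, src):
            forwarded.append((port, src))
        else:
            dropped[port] += 1  # the count identifies which port emits bad sources
    return forwarded, dropped

# Constructed traffic sample: (arrival port, source address).
SAMPLE = [
    ("cust-a", "192.0.2.17"),      # inside cust-a's prefix
    ("cust-a", "198.51.100.9"),    # cust-b's address seen on cust-a's port
    ("cust-b", "198.51.100.200"),  # outside the /25 assigned to cust-b
    ("cust-a", "2001:db8:a::1"),   # IPv6 inside cust-a's prefix
    ("cust-b", "10.1.2.3"),        # private address, never assigned
]

if __name__ == "__main__":
    fwd, drops = filter_packets(build_table(ASSIGNED), SAMPLE)
    print("forwarded:", fwd)
    print("dropped per port:", dict(drops))
```

Because the check is applied per arrival port, a packet with an inaccurate source is attributed to the port that emitted it even though its claimed address points elsewhere.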