North American Network Operators Group

Re: Digital Island sponsors DoS attempt?

  • From: Valdis.Kletnieks
  • Date: Fri Oct 26 13:01:07 2001

On Fri, 26 Oct 2001 09:32:39 PDT, Dave Siegel said:
> If you have a list of prefixes you intend to measure, it would not be

If.

This list comes from *where*?

What if I pointed out that IBM's AIX implements Path MTU Discovery by sending
an ICMP packet with max MTU and the DF bit set (so it can discover the *max*
MTU even if the first *TCP* packet is not a full MTU long)?

Are you saying that I should contact each prefix that my Listserv machine is
sending mail to, to get permission to negotiate PMTU discovery?  Ouch.
That's 600K subscribers, and I need to go look up where their MX entries
point to, figure out what AS the destination is in, and send the AS contact
mail (assuming that 'whois' actually has valid data) - and then repeat for
every new subscriber to a list from an AS we haven't contacted before.

No?  That seems silly?  How is it any different from 5 PING packets so a site
can decide which server to send stuff from?  Where do you draw the line?

> transit providers needn't be involved, as transit providers typically
> don't measure icmp flows bound to customers.

We've seen cases where transit providers do things like install blackhole
routing because they disagree with a site because of their traffic.  This
proves that at least *some* transit providers care about *some* traffic for
*some* reason.  Again, where do you draw the line?
-- 
				Valdis Kletnieks
				Operating Systems Analyst
				Virginia Tech
