North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Internet vulnerabilities
[email protected] (Mike Tancsa) writes: > ... Still, I think the softest targets are the root name servers. I was > glad to hear at the Toronto NANOG meeting that this was being looked into > from a routing perspective. Not sure what is being done from a DoS > perspective. Now that we've seen enough years of experience from Genuity.orig, UltraDNS, Nominum, AS112, and {F,K}.root-servers.net, we're seriously talking about using anycast for the root server system. This is because a DDoS isn't just against the servers, but against the networks leading to them. Even if we provision for a trillion packets per second per root server, there is no way to get the whole Internet, which is full of Other People's Networks, provisioned at that level. Wide area anycast, dangerous though it can be, works around that. See www.as112.net for an example of how this might work. "More later." -- Paul Vixie
|