North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: ICANN Targets DDoS Attacks

  • From: alok
  • Date: Mon Nov 04 15:30:32 2002 
Hi,

{ this is one "snappy" mailing  list :o) }......

I meant, where can I find the people bouncing ideas on this topic....

-rgds
Alok

----- Original Message -----
From: <[email protected]>
To: David Conrad <[email protected]>
Cc: <[email protected]>; alok <[email protected]>;
<[email protected]>; <[email protected]>; nanog <[email protected]>
Sent: Tuesday, November 05, 2002 5:58 AM
Subject: Re: ICANN Targets DDoS Attacks



ok, so i exploited the ambiguity in the original question.
wrt "active" - there is a sub-group from within the RSSAC
members that seems to be exchanging email on a regular basis
on various response vectors to either diffuse an attack (anycast)
or repel an attack (rate-limits).




On Mon, Nov 04, 2002 at 09:08:44AM -0800, David Conrad wrote:
> Just to be clear:
>
> (a) RSSAC is not an IETF working group.  It is an ICANN thing and not open
> to the public (last I heard)
>
> (b) "active" in this context must be using a definition of that term that
> I'm unfamiliar with.
>
> Rgds,
> -drc
>
> On 11/4/02 3:47 PM, "[email protected]"
> <[email protected]> wrote:
>
> >
> >
> > yes.  this is a topic of active discussion within
> > the RSSAC.
> >
> >
> >>
> >>
> >> is any active working group persuing this matter seriously?
> >>
> >> -rgds
> >> Alok
> >> ----- Original Message -----
> >> From: alok <[email protected]>
> >> To: <[email protected]>; <[email protected]>
> >> Sent: Saturday, November 02, 2002 4:26 AM
> >> Subject: Re: ICANN Targets DDoS Attacks
> >>
> >>
> >>
> >>
> >>> The first, dropping broadcasts destined to your customers, is possibly
> >>> doable, but not trivial.
> >>
> >> ------> IGP learnt networks .. a small tweaky bit which learns
broadcast
> >> addresses via the networks in the IGP wud help (again summarization wud
make
> >> it bad)
> >>
> >>> The second, catching all broadcasts coming
> >>> in, out, or just passing through, is pretty much impossible.
> >>
> >> -----> a very small percentage cud be blocked if u were willing to link
this
> >> to BGP learnt networks..at least those are "complete networks", not
> >> subnetted....
> >>
> >> ofcourse its a very small portion, mebbe u cud ask guys to send more
> >> specific BGP routes from now....
> >>
> >> -A
> >>
> >>
> >>
> >>
> >>
> >