North American Network Operators Group

Re: M$SQL cleanup incentives

  • From: John Kristoff
  • Date: Fri Feb 21 17:48:25 2003

On Fri, 21 Feb 2003 17:25:46 -0500
William Allen Simpson <[email protected]> wrote:

> I've been pretty disappointed with some of the responses on this
> issue. 

Maybe you won't like this one either, but here goes.

I'd be very interested in hearing how operators feel about 'pushback'. 
It may make more sense near ingress edges or where there is limited
aggregate capacity on the egress (a bottleneck), but debating that point
is probably secondary.

You can refer to some of the material, particularly by Bellovin, Floyd
and others here:

  <http://www.icir.org/pushback/>

In the simplest scenario, pushback could be similarly deployed to the
way RED is deployed (if you consider that easy or useful or not, I'm not
sure).  Signals do not even necessarily need to propagate to upstream
routers, rather anomalous traffic (based on a simple, hopefully, policy)
could be dropped more aggressively.  This response could be automatic or
require intervention.  I think there are a number of interesting properties
to this approach, especially since if it behaves similarly to how one might
hope, it could still allow some valid traffic through.  Hint: think
about what will happen if a Slammer/Sapphire-like worm hits port
25/53/80 and cannot be easily filtered without affecting all traffic on
those ports.

Coming up with a policy that determines what is anomalous is one of the
hard parts.  Vendor implementation being another, but you can kind of do
this sort of thing already if you're so inclined.
  
Thoughts?

John
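
The local, non-propagating variant described in the message above, as an added example that is not part of the original post or of the pushback authors' code. Assumptions: the policy keys an aggregate on (protocol, destination port), an aggregate is anomalous when it exceeds 50% of offered load during congestion, and evenly spaced drops stand in for a random drop probability.

```python
from collections import Counter

def spread(pkts, keep):
    """Keep `keep` packets evenly spaced across pkts (deterministic stand-in
    for dropping each packet with probability 1 - keep/len(pkts))."""
    n = len(pkts)
    if keep >= n:
        return list(pkts)
    return [p for i, p in enumerate(pkts) if (i + 1) * keep // n > i * keep // n]

def uniform_drop(pkts, capacity):
    """Congestion response with no notion of aggregates: all packets drop alike."""
    return spread(pkts, capacity)

def local_aggregate_limit(pkts, capacity, share=0.5):
    """One interval on a congested egress; pkts is a list of (key, label).
    Returns (forwarded, limited_key); limited_key is None if nothing was singled out."""
    if len(pkts) <= capacity:
        return list(pkts), None               # no congestion, no action
    key, n = Counter(k for k, _ in pkts).most_common(1)[0]
    if n / len(pkts) < share:
        return spread(pkts, capacity), None   # nothing dominant: ordinary congestion
    rest = spread([p for p in pkts if p[0] != key], capacity)
    # The dominant aggregate only gets what the other traffic leaves over,
    # but it is thinned, not filtered, so part of its valid traffic survives.
    agg = spread([p for p in pkts if p[0] == key], capacity - len(rest))
    return rest + agg, key

def sample_interval():
    """Constructed traffic: worm packets on udp/53 mixed with real DNS, plus web."""
    dns = [(("udp", 53), "legit" if i % 7 == 0 else "worm") for i in range(1000)]
    web = [(("tcp", 80), "legit")] * 200
    return dns + web

def count(pkts, key, label):
    return sum(1 for k, l in pkts if k == key and l == label)

if __name__ == "__main__":
    pkts = sample_interval()
    limited_out, limited = local_aggregate_limit(pkts, capacity=400)
    print("limited aggregate:", limited)
    for name, out in (("uniform", uniform_drop(pkts, 400)), ("aggregate", limited_out)):
        print(name, "web:", count(out, ("tcp", 80), "legit"),
              "dns:", count(out, ("udp", 53), "legit"),
              "worm:", count(out, ("udp", 53), "worm"))
```

A plain port filter on udp/53 would forward none of the legitimate DNS packets in this sample; the aggregate limit forwards a proportional share of them while leaving the web traffic untouched.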