North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: UUNet Offer New Protection Against DDoS
On Fri, 5 Mar 2004, Dan Hollis wrote: > On Fri, 5 Mar 2004, Christopher L. Morrow wrote: > > the packets as possible. Nebulous filtering and dropping of miniscule > > amounts of traffic in the core of a large network is just a waste of > > effort and false panacea. > > uunet does operate lots of dialup RAS though correct? any reason why urpf > is not reasonable there? For some sure, for others perhaps not :( We have some customers with dedicated networks over dial, some with dial-backup and even some with dsl backup. > > just because its not perfect and doesnt solve every problem doesnt mean > its useless. > Sure, I'm just not really sure that the core is the right place to do this... I agree that the edge is a fine place, I'd prefer not my edge :) but the edge is the right place. You can make all the decisions correctly there, you can not in the core. > miniscule amounts of traffic in uunet's core is still enough to ddos many > a victim into oblivion. anyone who has been ddos'd by uunet customers can > appreciate that. miniscule is enough to cause problems in anyone's network.... the point here was: "Core isn't the right place for this" I wasn't really trying to argue the 'urpf is good' or 'urpf is bad' arguement, just the placement. Sorry if I made that confusing earlier. --Chris (formerly [email protected]) ####################################################### ## UUNET Technologies, Inc. ## ## Manager ## ## Customer Router Security Engineering Team ## ## (W)703-886-3823 (C)703-338-7319 ## #######################################################
|