North American Network Operators Group

Re: down sev0?

  From: Fergie
  Date: Thu Oct 26 01:21:08 2006

I don't want to detract from the heat of this discussion, as
important as it is, but it (the discussion) illustrates a point
that RIPE has recognized -- and is actively pursuing -- yet, ISPs
on this continent seem consistently to ignore: The consistent
implementation of BCP 38.

It is nothing less than irresponsible, IMO...

Why _is_ that?

- ferg

-- "Patrick W. Gilmore" <[email protected]> wrote:


There is no single "appropriately[sic] place" which can absorb  
50Mpps.  If you meant "appropriately placed" (as in topologically  
dispersed locations), a well crafted attack could still guarantee _at  
least_ a partial DoS from an end user PoV.

It is essentially impossible to distinguish end-user requests from  
(im)properly created DoS packets (especially until BCP38 is widely  
adopted - i.e. probably never).  Since there is no single place - no  
13 places - which can withstand a well crafted DoS, you are  
guaranteed that some users will not be able to reach any of your  
listed authorities.

This is not speculation, this is fact.  All a good provider can do,  
even with 1000s of servers, is minimize the impact of any DoS.


"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 ferg's tech blog: