spare swamp space?
bross at mindspring.net
Thu Aug 20 21:25:43 UTC 1998
On Wed, 19 Aug 1998, Alex Bligh wrote:
> Yeah, if you discard at the end of your upstream provider's link, then
> that link will get saturated if you are smurfed enough. Last time we
> had a really bad one, we were looking at 6-10Mb/s which was not enough
> to saturate transit DS-3s, but enough to saturate a few bits of internal
> network (us international providers have the odd small line here and
> there). Obviously the further upstream you put it the better.
See that's the beauty of using either the swamp space or, if I have to and
can negotiate it, private space. The echo-replies get dropped right at
their source since there's no route back to me.
> One of the problems here is lack of interest from peers and upstreams. If
> you catch their interest at sales time rather than at abuse time
> (i.e. you configure something similar into their router on setup),
> that would be optimal.
This is exactly what I'm doing going forward with new external
connectivity. One of the questions I will have of all future transit
negotiations will be to ask if they are willing to trace spoofed traffic
and to ask if they will commit to a reasonable turnaround time to get
their customer's amplifying networks fixed once reported.
Brandon Ross Network Engineering 404-815-0770 800-719-4664
Director, Network Engineering, MindSpring Ent., Inc. info at mindspring.com
Stop Smurf attacks! Configure your router interfaces to block directed
broadcasts. See http://www.quadrunner.com/~chuegen/smurf.cgi for details.
More information about the NANOG