So.. you want to track some DoS traffic?

Christopher L. Morrow chris at UU.NET
Mon Jul 2 22:23:14 UTC 2001


On Mon, 2 Jul 2001, Alex Bligh wrote:

> > Credit: Credit should go to those listed in the link, UUNET's TAC-Eng
> > group, UUNET's Net-Sec group, UUNET's Customer Router Security Group,
> > dies at pulltheplug.com and a few others I have forgotten.
> 
> Slight sense of Deja Vu.
> 
> Without wishing to blow my own trumpet, from NANOG in 1999:
> 
> http://answerpointe.cctec.com/maillists/nanog/historical/9907/msg00083.html

So basically you've proposed implementing black hole routing via a
community... this is nice and COULD be used by customers, though I'd be
worried about them blackholing something 'important' and not figuring it
out... which is all too common a problem.

We discussed this at implementation/design time and fell back on "we would
rather do it manually, just in case...". Additionally, if someone messed
up the customer's filter and didn't filter their routes they could
accidently drop traffic another customer :( Manual and by a select few
people was the end decision.

Not that it's not a great idea, but BGP is 'hard' and customers (and
providers) routinely screw it up :( Also, your paper doesn't hit the main
thing I was getting at: Tracking the attack... dropping traffic is great
and you can do it in 101 different ways, but the tough part was tracking
it... (at least it was the tough thing we was trying to make less tough).

-Chris




More information about the NANOG mailing list