Internet vulnerabilities

Marshall Eubanks tme at multicasttech.com
Thu Jul 4 23:46:42 UTC 2002


On 04 Jul 2002 11:48:47 -0700
 Paul Vixie <vixie at vix.com> wrote:
> 
> mike at sentex.net (Mike Tancsa) writes:
> 
> > ...  Still, I think the softest targets are the root name servers.  I was
> > glad to hear at the Toronto NANOG meeting that this was being looked into
> > from a routing perspective.  Not sure what is being done from a DoS
> > perspective.
> 
> Now that we've seen enough years of experience from Genuity.orig, UltraDNS,
> Nominum, AS112, and {F,K}.root-servers.net, we're seriously talking about
> using
> anycast for the root server system.  This is because a DDoS isn't just
> against
> the servers, but against the networks leading to them.  Even if we provision
> for a trillion packets per second per root server, there is no way to get
> the whole Internet, which is full of Other People's Networks, provisioned at
> that level.  Wide area anycast, dangerous though it can be, works around
> that.
> 

Is this the anycast based on MSDP ?

Regards
Marshall Eubanks


> See www.as112.net for an example of how this might work.  "More later."
> -- 
> Paul Vixie




More information about the NANOG mailing list