Real-Time Mitigation of Denial of Service Attacks Now Available With AT&T

Erik Haagsman erik at we-dare.net
Fri Jun 4 14:06:31 UTC 2004


On Thu, 2004-06-03 at 21:10, Jeff Aitken wrote:
> You missed what I was getting at.  You asserted that only very small
> ISPs (i.e., those using 36xx-class hardware) are subject to ACL
> problems.  There are many large-ish ISPs still stuck with some
> amount of obsolete hardware. 

OK, sorry about the confusion...I see where you're going now.

>  My point was that while it's easy for
> someone whose network consists of 10 routers to say "well gee,
> upgrade already" it's not that easy when your network includes
> hundreds or thousands of components that need to be upgraded or
> replaced, to the tune of several million dollars.

True, but no-one is saying the entire network should be done in one fell
swoop. Eventually, larger companies WILL have to replace outdated
components and when they do they can replace them and at the same time
make sure ACLs or uBRF or whatever you use is in place. And before
that, you could at least make sure your newer equipment that CAN easily
take ACLs is properly configured. Currently most larger companies do
neither, always pointing out the cost of doing a huge network-wide
upgrade that in actuality no-one is expecting them to do. Even if only a
percentage of a large ISP's network (especially xDSL and HFC services)
is properly configured, it'll save a lot of grief, cutting maintenance
cost for the ISP itself as well as causing fewer headaches for other
companies. And over time you just gradually update parts where you're
replacing equipment that's at the end of its lifecycle anyway.


Cheers,

-- 
---
Erik Haagsman
Network Architect
We Dare BV
tel: +31(0)10 7507008
fax:+31(0)10 7507005
http://www.we-dare.nl




