UUNet Offer New Protection Against DDoS
Christopher L. Morrow
christopher.morrow at mci.com
Fri Mar 5 23:58:38 UTC 2004
On Fri, 5 Mar 2004, Steve Francis wrote:
> Christopher L. Morrow wrote:
>
> >
> >
> >uRPF in the core seems like a bad plan, what with diverse routes and such.
> >Loose-mode might help SOME, but really spoofing is such a low priority
> >issue why make it a requirement? Customer triggered blackholing is a nice
> >feature though.
> >
> >
> >
> Obviously loose-mode.
> Spoofing may not be the current weapon of choice, but why not encourage
> the best net infrastructure?
>
Loose mode will not save you very much, many larger backbones route lots
of 'unused' or 'unallocated' ip space internally for various valid
reasons, some even related to security issues for their customers. So,
does stopping rfc-1918 (maybe) space help much? not really... atleast not
that I can see. Many flooding tools now flood from legittimate space, so
the ONLY way to limit this is by filtering as close to the device sourcing
the packets as possible. Nebulous filtering and dropping of miniscule
amounts of traffic in the core of a large network is just a waste of
effort and false panacea.
--Chris
(formerly chris at uu.net)
#######################################################
## UUNET Technologies, Inc. ##
## Manager ##
## Customer Router Security Engineering Team ##
## (W)703-886-3823 (C)703-338-7319 ##
#######################################################
More information about the NANOG
mailing list