UUNet Offer New Protection Against DDoS
Christopher L. Morrow
christopher.morrow at mci.com
Sat Mar 6 06:12:48 UTC 2004
On Fri, 5 Mar 2004, Dan Hollis wrote:
> On Fri, 5 Mar 2004, Christopher L. Morrow wrote:
> > the packets as possible. Nebulous filtering and dropping of miniscule
> > amounts of traffic in the core of a large network is just a waste of
> > effort and false panacea.
>
> uunet does operate lots of dialup RAS though correct? any reason why urpf
> is not reasonable there?
For some sure, for others perhaps not :( We have some customers with
dedicated networks over dial, some with dial-backup and even some with dsl
backup.
>
> just because its not perfect and doesnt solve every problem doesnt mean
> its useless.
>
Sure, I'm just not really sure that the core is the right place to do
this... I agree that the edge is a fine place, I'd prefer not my edge :)
but the edge is the right place. You can make all the decisions correctly
there, you can not in the core.
> miniscule amounts of traffic in uunet's core is still enough to ddos many
> a victim into oblivion. anyone who has been ddos'd by uunet customers can
> appreciate that.
miniscule is enough to cause problems in anyone's network.... the point
here was: "Core isn't the right place for this" I wasn't really trying to
argue the 'urpf is good' or 'urpf is bad' arguement, just the placement.
Sorry if I made that confusing earlier.
--Chris
(formerly chris at uu.net)
#######################################################
## UUNET Technologies, Inc. ##
## Manager ##
## Customer Router Security Engineering Team ##
## (W)703-886-3823 (C)703-338-7319 ##
#######################################################
More information about the NANOG
mailing list