aggregation & table entries
dr at cluenet.de
Thu Oct 14 20:27:57 UTC 2004
On Thu, Oct 14, 2004 at 08:35:50PM +0200, Iljitsch van Beijnum wrote:

> >And what do you do with a BGP customer which sends you traffic from
> >prefixes he doesn't want to announce to you? There are such customers.
> The whole point of BCP38 is that this isn't supposed to happen.

Unfortunately we are living in reality.

> Yes, these restrictions are a huge pain in the rear end but a denial of
> service without even the possibility to tell where the packets come
> from is MUCH worse.

What you actually want to know is what the ingress interfaces for the
flows are. And if the ingress interface is not a p2p interface, from
which peer. For both problems quite effective solutions do exist
(ok, not really for the latter, but this is highly vendor specific).

Given that most DDoSses are mounted via huge zombie collections, there
is not much point in knowing the real source IPs.

CLUE-RIPE -- Jabber: dr at cluenet.de -- dr at IRCnet -- PGP: 0xA85C8AA0
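
The customer case raised in the quoted question, as an added example that is not part of the original post: a source-address check built only from the prefixes a customer announces drops that customer's legitimate traffic from a prefix it holds but does not announce, while a filter built from the prefixes assigned to the customer does not. The prefixes (RFC 5737 documentation ranges), the packet sources and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data, not taken from the thread.
ANNOUNCED = ["192.0.2.0/24"]                     # prefixes the customer announces via BGP
ASSIGNED = ["192.0.2.0/24", "198.51.100.0/24"]   # prefixes the customer actually holds
PACKET_SOURCES = ["192.0.2.10", "198.51.100.7", "203.0.113.99"]


def to_networks(prefixes):
    """Parse prefix strings into network objects, rejecting host bits."""
    return [ipaddress.ip_network(p, strict=True) for p in prefixes]


def source_allowed(src, networks):
    """True if the source address falls inside any allowed network."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in networks)


def classify_sources(sources, announced, assigned):
    """Compare a route-based check (announced prefixes only) with a
    static filter (assigned prefixes) on the customer-facing interface."""
    ann, asg = to_networks(announced), to_networks(assigned)
    verdicts = {}
    for src in sources:
        if source_allowed(src, ann):
            verdicts[src] = "pass-both"
        elif source_allowed(src, asg):
            # Legitimate customer space that is simply not announced here:
            # the route-based check drops it, the static filter passes it.
            verdicts[src] = "dropped-by-route-based-only"
        else:
            # Outside anything the customer holds: spoofed or leaked.
            verdicts[src] = "dropped-by-both"
    return verdicts


def false_drops(verdicts):
    """Sources a route-based check would drop although they are customer space."""
    return sorted(s for s, v in verdicts.items() if v == "dropped-by-route-based-only")


if __name__ == "__main__":
    result = classify_sources(PACKET_SOURCES, ANNOUNCED, ASSIGNED)
    for src, verdict in result.items():
        print(f"{src:15} {verdict}")
    print("false drops:", false_drops(result))
```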