preventing future situations like panix
Josh Karlin
karlinjf at cs.unm.edu
Mon Jan 23 23:30:17 UTC 2006
> > It seems like most of the routers which would need to make this decision
> > wouldn't have adequate information upon which to do so...
>
> not necessarily. the decision could be made in "near real time" by
> building prefix filters based on the algorithms that josh and co have
> worked on and leaving a 'default deny' in place. this moves the
> routing decision off of the router (which i agree does not have the
> history or resources to take these additional vectors of information
> into account) and over to a server with more storage and computational
> capacity.
The 'core' routers are definitely the best informed, though other ASs
which are multi-homed also come across a substantial bit of
information through updates. Yet if only the core ASs were to run
such a solution, it would be sufficient to suppress most attacks for
at least a day. The paper has more detail on that situation.
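The off-router filter builder discussed in this thread, sketched as an added example; it is not code from the post or from the paper it mentions. The trust rule (a prefix/origin pair is accepted only once it has been in the history for `MIN_AGE`), the function names and the sample history are assumptions made for illustration.

```python
import ipaddress
from datetime import datetime, timedelta

MIN_AGE = timedelta(days=1)  # assumed: a pair must be at least this old to be trusted

# Constructed update history: (first seen, prefix, origin AS), documentation ranges only.
HISTORY = [
    (datetime(2006, 1, 10), "198.51.100.0/24", 64496),
    (datetime(2006, 1, 12), "203.0.113.0/24", 64497),
    (datetime(2006, 1, 22, 6), "198.51.100.0/24", 64511),  # new origin, hours old
]

def build_filters(history, now, min_age=MIN_AGE):
    """Return {network: {origin, ...}} for pairs first seen at least min_age ago."""
    first_seen = {}
    for ts, prefix, origin in history:
        key = (ipaddress.ip_network(prefix), origin)
        first_seen[key] = min(ts, first_seen.get(key, ts))
    filters = {}
    for (net, origin), ts in first_seen.items():
        if now - ts >= min_age:
            filters.setdefault(net, set()).add(origin)
    return filters

def decide(filters, prefix, origin):
    """Permit only if the prefix, or a covering prefix, is trusted for this origin."""
    net = ipaddress.ip_network(prefix)
    for known, origins in filters.items():
        if known.version == net.version and net.subnet_of(known) and origin in origins:
            return "permit"
    # Default deny: unknown prefix, or known prefix announced by an untrusted origin.
    return "deny"

if __name__ == "__main__":
    filters = build_filters(HISTORY, now=datetime(2006, 1, 22, 12))
    for prefix, origin in [("198.51.100.0/24", 64496), ("198.51.100.0/25", 64511)]:
        print(prefix, origin, decide(filters, prefix, origin))
```

The server would push the resulting permit list to the routers as prefix filters, so the routers themselves keep no history.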