Over a decade of DDOS--any progress yet?

• Previous message (by thread): Over a decade of DDOS--any progress yet?
• Next message (by thread): Over a decade of DDOS--any progress yet?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 8 Dec 2010, at 15:12, Dobbins, Roland wrote:

> 
> On Dec 8, 2010, at 10:10 PM, Thomas Mangin wrote:
> 
>> Until this is sorted I believe flowspec will be a marginal solution.
> 
> We're seeing a significant uptick in flowspec interest, actually, and S/RTBH has been around for ages.

Great to hear :)

But my point is still valid, Flowspec is great if you are are a backbone and are performing the filtering, or if you want to filter outgoing traffic. If you are a smaller network, you need the filtering to be performed by your transit provider, as your uplink will otherwise be congested. So I will stand by my comment that flowspec would see a bigger uptake if T1 could accept the flowspec routes, which they will only do once they can filter them (to insure correctness and resource protection).

Thomas

PS : Someone need to add IPv6 support to the RFC :p

• Previous message (by thread): Over a decade of DDOS--any progress yet?
• Next message (by thread): Over a decade of DDOS--any progress yet?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]