UDP port 80 DDoS attack

Keegan Holley keegan.holley at sungard.com
Wed Feb 8 15:12:50 UTC 2012


Providers don't even check the registries for BGP advertisements. See the thread on hijacked routes for proof. Not to mention, how do you handle a small transit AS? Do you trust that they have the correct filters as well? Do you start reading their AS paths and try to filter based on the registry for folks downstream? Then there's the RLDRAM issue. Most edge boxes will just run out of ACLs. Lastly, there's no contractual obligation to play traffic cop for the entire Internet, so providers would be dropping traffic that they can legitimately bill for.

Sent from my iPhone

On Feb 8, 2012, at 4:56 AM, George Bonser <gbonser at seven.com> wrote:

>> No, we have registries to act as registries, the ISPs should be
>> checking them, and double checking.  It isn't something that is going
>> to change every day or every week. Once you get it set up, it is going
>> to be stable for a while.  Sure, it means a little more work in setting
>> up a customer, but it also means that if all your neighbors do the same
>> thing, you field many fewer calls dealing with stupid DoS crap.
>> 
> 
> I'll put it another way. Any provider that does not police their customer traffic has no business whining about DoS problems.
> 
> 
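
The following is an added example, not part of the original thread or any poster's tooling. It sketches the registry check under debate: building a per-customer prefix filter from registry route objects, including the downstream ASes of a small transit customer, and testing announcements against it. The registry text is constructed and simplified (documentation prefixes, private-use ASNs), and all function names are hypothetical.

```python
import ipaddress

# Constructed, simplified RPSL-style objects; not real registry data.
IRR_TEXT = """\
route: 192.0.2.0/24
origin: AS64500

route: 198.51.100.0/24
origin: AS64501

route: 203.0.113.0/24
origin: AS64502

as-set: AS-SMALLTRANSIT
members: AS64500, AS-DOWNSTREAM

as-set: AS-DOWNSTREAM
members: AS64501
"""

def parse_irr(text):
    """Return ({(network, origin)}, {as-set name: [members]})."""
    routes, as_sets = set(), {}
    for block in text.strip().split("\n\n"):
        obj = {k.strip(): v.strip()
               for k, v in (line.split(":", 1) for line in block.splitlines())}
        if "route" in obj:
            routes.add((ipaddress.ip_network(obj["route"]), obj["origin"]))
        elif "as-set" in obj:
            as_sets[obj["as-set"]] = [m.strip() for m in obj["members"].split(",")]
    return routes, as_sets

def expand(name, as_sets, seen=None):
    """Recursively expand an as-set into ASNs; 'seen' stops membership loops."""
    seen = set() if seen is None else seen
    if name in seen:
        return set()
    seen.add(name)
    if name not in as_sets:
        return {name}  # a plain ASN, or an unregistered set that matches nothing
    return set().union(*(expand(m, as_sets, seen) for m in as_sets[name]))

def build_filter(customer, routes, as_sets):
    # One entry per registered route; the list grows with every downstream AS.
    allowed = expand(customer, as_sets)
    return {(net, origin) for net, origin in routes if origin in allowed}

def check(prefix, as_path, prefix_filter):
    """True if the path's origin AS has a registered route covering the prefix."""
    net, origin = ipaddress.ip_network(prefix), as_path[-1]
    return any(o == origin and net.subnet_of(r) for r, o in prefix_filter)
```

The filter is only as good as the route objects and as-set membership the customer and its downstreams have registered, and its size scales with the number of downstream routes.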
