nanog mailing list archives

Re: ICANN Targets DDoS Attacks

From: "alok" <alok.dube () apara com>
Date: Tue, 5 Nov 2002 02:07:31 +0530


Hi,

{ this is one "snappy" mailing  list :o) }......

I meant, where can I find the people bouncing ideas on this topic....

-rgds
Alok

----- Original Message -----
From: <bmanning () beguile ip4 int>
To: David Conrad <david.conrad () nominum com>
Cc: <bmanning () vacation karoshi com>; alok <alok.dube () apara com>;
<cjclark () alum mit edu>; <Valdis.Kletnieks () vt edu>; nanog <nanog () merit edu>
Sent: Tuesday, November 05, 2002 5:58 AM
Subject: Re: ICANN Targets DDoS Attacks



ok, so i exploited the ambiguity in the original question.
wrt "active" - there is a sub-group from within the RSSAC
members that seems to be exchanging email on a regular basis
on various response vectors to either diffuse an attack (anycast)
or repel an attack (rate-limits).




On Mon, Nov 04, 2002 at 09:08:44AM -0800, David Conrad wrote:

Just to be clear:

(a) RSSAC is not an IETF working group.  It is an ICANN thing and not open
to the public (last I heard)

(b) "active" in this context must be using a definition of that term that
I'm unfamiliar with.

Rgds,
-drc

On 11/4/02 3:47 PM, "bmanning () vacation karoshi com"
<bmanning () vacation karoshi com> wrote:



yes.  this is a topic of active discussion within
the RSSAC.



is any active working group persuing this matter seriously?

-rgds
Alok
----- Original Message -----
From: alok <alok.dube () apara com>
To: <cjclark () alum mit edu>; <Valdis.Kletnieks () vt edu>
Sent: Saturday, November 02, 2002 4:26 AM
Subject: Re: ICANN Targets DDoS Attacks

The first, dropping broadcasts destined to your customers, is possibly
doable, but not trivial.


------> IGP learnt networks .. a small tweaky bit which learns

broadcast

addresses via the networks in the IGP wud help (again summarization wud

make

it bad)

The second, catching all broadcasts coming
in, out, or just passing through, is pretty much impossible.


-----> a very small percentage cud be blocked if u were willing to link

this

to BGP learnt networks..at least those are "complete networks", not
subnetted....

ofcourse its a very small portion, mebbe u cud ask guys to send more
specific BGP routes from now....

-A

Current thread:

Re: ICANN Targets DDoS Attacks Alex Bligh (Nov 01)
- <Possible follow-ups>
- Re: ICANN Targets DDoS Attacks alok (Nov 04)
  - Re: ICANN Targets DDoS Attacks bmanning (Nov 04)
    - Re: ICANN Targets DDoS Attacks Alex Bligh (Nov 04)
    - Re: ICANN Targets DDoS Attacks alok (Nov 04)
    - Re: ICANN Targets DDoS Attacks David Conrad (Nov 04)
    - Message not available
    - Re: ICANN Targets DDoS Attacks alok (Nov 04)