nanog mailing list archives

Re: Fw: GLBX ICMP rate limiting (was RE: Tier-1 without their own backbone?)


From: Paul Vixie <vixie () vix com>
Date: 28 Aug 2003 18:05:04 +0000


> As attacks evolve and transform are we really to believe that rate
> limiting icmp will have some value in the attacks of tomorrow?

no.  nor those of today.  the only way we're going to flatten the increase
of attack volume, or even turn it into a decrease, is with various forms of
admission control which are considered "the greater evil" by a lot of the
half baked civil libertarians who inhabit the internet at layer 9.

for example, edge urpf.  for example, full realtime multinoc issue tracking.
for example, route filtering based on rir allocations.  for example, peering
agreements that require active intermediation when downstreams misbehave.

"you can have peace.  or you can have freedom.  don't ever count on having
both at once." -LL (RAH)
-- 
Paul Vixie

