nanog mailing list archives
RE: Real-Time Mitigation of Denial of Service Attacks Now Available With AT&T
From: "Michel Py" <michel () arneill-py sacramento ca us>
Date: Wed, 2 Jun 2004 09:26:27 -0700
Woulda, shoulda. If it is so simple, how come not everyone does it? -----Original Message----- From: owner-nanog () merit edu [mailto:owner-nanog () merit edu] On Behalf Of Patrick W.Gilmore Sent: Wednesday, June 02, 2004 9:17 AM To: nanog () merit edu Cc: Patrick W.Gilmore Subject: Re: Real-Time Mitigation of Denial of Service Attacks Now Available With AT&T On Jun 2, 2004, at 11:35 AM, Michel Py wrote:
Jon R. Kibler wrote: IMHO, there is absolutely no excuse for not doing ingress and egress filtering. In fact, if you are an ISP, I would argue that you are negligent in your fiduciary responsibilities to your customers and shareholders if you are not filtering source IP addresses.Hey, I'm all for it. Where's the money and the staff?
The money is from your customers, and the staff is your staff. This scales nicely as the number of customers you have, and therefore your money and staff, is directly related to the effort you have to put into the system. The Internet is a collective. The whole thing does not work if everyone does not help to keep the whole, well, whole. If DDoS gets out of hand, if BGP churn is too high, if spam gets out of hand, if, if, if. Of course, if everyone filtered ISPs who did not validate the source IPs of packets originating in their network the way some networks filter spam sources, the problem would likely correct itself quickly. The problem is figuring out which providers do not validate source addresses since, by definition, the problem we are discussing are spoofed source addresses.... =) -- TTFN, patrick
Current thread:
- RE: Real-Time Mitigation of Denial of Service Attacks Now Available With AT&T Michel Py (Jun 02)
- Re: Real-Time Mitigation of Denial of Service Attacks Now Available With AT&T Patrick W . Gilmore (Jun 02)
- RE: Real-Time Mitigation of Denial of Service Attacks Now Available With AT&T Pekka Savola (Jun 02)
- <Possible follow-ups>
- RE: Real-Time Mitigation of Denial of Service Attacks Now Available With AT&T Michel Py (Jun 02)
- Re: Real-Time Mitigation of Denial of Service Attacks Now Available With AT&T Patrick W . Gilmore (Jun 02)
- Re: Real-Time Mitigation of Denial of Service Attacks Now Available With AT&T Jon Lewis (Jun 02)
- Re: Real-Time Mitigation of Denial of Service Attacks Now Available With AT&T Alexei Roudnev (Jun 02)
- Re: Real-Time Mitigation of Denial of Service Attacks Now Available With AT&T Richard Cox (Jun 02)
- RE: Real-Time Mitigation of Denial of Service Attacks Now Available With AT&T Edward B. Dreger (Jun 04)
- Re: Real-Time Mitigation of Denial of Service Attacks Now Available With AT&T Patrick W . Gilmore (Jun 02)
- RE: Real-Time Mitigation of Denial of Service Attacks Now Available With AT&T Michel Py (Jun 02)
- RE: Real-Time Mitigation of Denial of Service Attacks Now Available With AT&T Michel Py (Jun 02)
- RE: Real-Time Mitigation of Denial of Service Attacks Now Available With AT&T Krichbaum, Eric (Jun 03)
- Message not available
- RE: Real-Time Mitigation of Denial of Service Attacks Now Available With AT&T Daniel Senie (Jun 03)
- Message not available
- Re: Real-Time Mitigation of Denial of Service Attacks Now Available With AT&T Alexei Roudnev (Jun 03)