I think the argument taken up for or against uRPF-loose deployment
depends largely on the ability of the provider to implement it without
1) performance impact or 2) network upgrades. Argument against it on the
grounds of "I can't accurately measure its value" is a smoke screen.
We have
minutes or
less. Now is a response the opening of a ticket or the null routing of
the attack traffic in 15 minutes?
Jason
-Original Message-
From: Suresh Ramasubramanian [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 03, 2004 7:21 PM
To: Randy Bush
Cc: [EMAIL PROTECTED]; Lumenello
and accept more
than just /32's within their address space. FWIW.
Also, we are utilizing Juniper's DCU for tracebacks, which makes life MUCH
easier when tracing an attack. :-) SNMP polling the DCU counters
every few minutes is relatively fast and painless, and provides quick results.
Mark
Lumenello
-Original Message-
From: Christopher L. Morrow [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 04, 2004 11:50 AM
To: Lumenello, Jason
Cc: Suresh Ramasubramanian; Randy Bush; [EMAIL PROTECTED]
Subject: RE: UUNet Offer New Protection Against DDoS
On Thu, 4 Mar 2004, Lumenello
XO set up a similar customer community last year for our customers to
trigger their own black hole at our edge. There is no such thing as an
original idea. :) This promised response probably means if you press 3
on your phone, you will get a CSR to open a ticket within 15 minutes.
Sounds like
I struggled with this, and came up with the following.
We basically use a standard route-map for all customers where the first
term looks for the community. The customer also has a prefix-list on
their neighbor statement allowing their blocks le /32. The following
terms (term 2 and above) in the
restrictions or maintain two sets of customer prefix/access lists.
Jason
-Original Message-
From: Lumenello, Jason
Sent: Wednesday, March 03, 2004 4:52 PM
To: 'Stephen J. Wilcox'; james
Cc: [EMAIL PROTECTED]
Subject: RE: UUNet Offer New Protection Against DDoS
I struggled