On Sat, 2 Feb 2002, Pascal Gloor wrote:

> Does any ISP represented here do something to avoid spoofing?

We are not an ISP, but I can confirm that AS513 applies anti-spoof filters on outgoing traffic from the campus LAN. I can also confirm that DDoS attacks have been seen at CERN, as - I guess - in most other research institutes with a relatively open network.

> I know how huge this can be, but I think it's now time to go forward and to
> find a global solution to STOP this definitively or at least know how to stop

I agree with the principle, but it is not so easy. IMHO the only real solution is systematic deployment of anti-spoof filters, even if I understand that this is not always feasible in practice. My personal experience is that, while ACLs have traditionally been a performance penalty, some more modern network devices handle them in hardware, so at least this argument against ACLs will eventually go away. Unfortunately, others will stay. Hopefully, one day, applying anti-spoofing ACLs will become like dropping RFC1918 routes today.

> would be the IXPs we have. Paolo, Andre, what are your peak bandwidth on
> your IX switches? Is there any technical way to collect data?

First remark: a large number of CIXP members take advantage of direct back-to-back peerings, whose data is - of course - invisible to any hypothetical DDoS-monitoring.

Second remark: our statistics are public and accessible from the CIXP home page http://www.cixp.ch and we didn't see anything special going on in the dates you mentioned (maybe it's our fault, because we were busy with something else, like dealing with the peak you can see on last Monday).

Third remark: assuming something like DDoS-monitoring at an IXP were technically feasible with limited resources, we should be reluctant to take DDoS-monitoring data from the IXP infrastructure because it might be seen as violating a basic principle of a neutral exchange, which is non-intrusiveness.

Being reluctant now does not mean that the CIXP is against any community-recommended or legally-enforced (Andre can certainly comment better on this specific point) anti-DDoS practice which may come up in the future. I hope you will understand our position.

Regards,
Paolo

----------------------------------------------
Maillist-Archive: http://www.mail-archive.com/swinog%40swinog.ch/
