Pascal Gloor wrote: > > I know how huge this can be, but I think its now time to go forward and to > find a global solution to STOP this definively or at leave know how to stop > when it occurs... > You need a driving license to dirve on the road, but we have no 'laws' on > the net... I know the internet is considered as free, open, etc... but I m > sure we all agree that we need to find a solution... a good starting point > would be the IXPs we have. Paolo, Andre, what are you peak bandwidth on > your IX switches? Is ther any technical way to collect datas?
In my opinion the IXPs are not a good place to monitor or filter such things. First of all my service is *not* to interfere with the IP traffic. As an IXP I only give the ISPs a common layer 2 switch where you can exchange traffic. Another major problem is that the IXPs don't see that much traffic and even the traffic we see is only the local one between ISPs. So our test set isn't nearly large enough to detect a DDoS. Probably most of the traffic will clog your upstreams. Next is who decides what actually is a DDoS and not just high demand due to some extraordinary or even planned event? As and IXP we don't have enough insight to distinguish good from bad. Another problem, do all ISPs connected to an IXP have to participate and subscribe to that monitoring? And what happens if we dectect a DoS coming from one ISP? Shall we shut down the port? Filter certain IP addresses? With all this we introduce even more ways to DoS the Internet because someone knowledgeable would simply trigger these detectors and then the DoS is no longer the traffic overload but the DoS filter. In the end we come to the Australian paradoxon. Do we really solve the rabbit problem by putting foxes there? Or do the foxes simply kill other, much easier to hunt animals and then we have a rabbit and fox problem? Here and also with all that Terrorists hype we have to be careful that the cure is not worse than the disease. -- Andre ---------------------------------------------- [EMAIL PROTECTED] Maillist-Archive: http://www.mail-archive.com/swinog%40swinog.ch/
