[nycbug-talk] [announce] Tonight: NYC*BUG at the Soho Apple Store

Alex Pilosov alex at pilosoft.com
Fri Jun 15 11:09:43 EDT 2007


On Fri, 15 Jun 2007, Miles Nordin wrote:

> >>>>> "a" == alex  <alex at pilosoft.com> writes:
> 
>      a> Wrong. These are your bits, you requested them, you pay for
>      a> them, you deal with them.
> 
> I think the idea is that netadmins at ISP's need to show some
> stewardship over the part of the Internet they control, just as
> sysadmins did very diligently and aggressively with the spam problem. I
> don't see that happening so far.
>
> I'm in Dubai right now setting up some 6500's on a dark fiber ring. It's
> kinda fun, and easy.  one thing I found in reading about them is:

I'm sorry (for your customers).

<snip>

> some of this only a few months old in the 6500.  and it seems to have
> lots of limitations.  but, it's there, and it's meant specifically for
> building the beginnings of an anti-DDoS architecture.  uRPF is an old
> idea, and it looks now like we are just now getting hardware that can do
> it performantly.

No, uRPF has really nothing to do with DDOS. The DDOS traffic is not
spoofed. Try again.


> Long-term I think we need some way to recognize infected windows
> machines and turn off their accounts, and we need to give ISP's that
> host infected windows machines some incentive for doing this.  At this
> point, not only is that ability far away tools-wise, but I don't think
> ISP's would be willing to do it because it would upset customers and
> load their support lines, so they don't give a shit and say ``never
> mind, the web hosters are requesting to receive massive extortionist
> attacks from our virus-cesspool customer APRU-farm.'' DDoS is a problem
> that Level3 customers cause for Cogent customers, so the division
> between Interweb ISP's and hosting ISP's means the incentive is
> missing---if people are just going to be small businessmen rather than
> stewards, this DDoS problem will never be solved.

There aren't good tools nor cooperation at the moment. There are many
smart people working on this, though, and maybe in X years we'll have
something.

-alex
