Home page logo

nanog logo nanog mailing list archives

Re: preventing future situations like panix
From: Josh Karlin <karlinjf () cs unm edu>
Date: Mon, 23 Jan 2006 16:30:17 -0700

It seems like most of the routers which would need to make this decision
wouldn't have adequate information upon which to do so...

not necessarily.  the decision could be made in "near real time" by
building prefix filters based on the algorithms that josh and co have
worked on and leaving a 'default deny' in place.  this moves the
routing decision off of the router (which i agree does not have the
history or resources to take these additional vectors of information
into account) and over to a server with more storage and computational

The 'core' routers are definitely the best informed, though other ASs
which are multi-homed also come across a substantial bit of
information through updates.  Yet if only the core ASs were to run
such a solution, it would be sufficient to suppress most attacks for
at least a day.  The paper has more detail on that situation.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]