On Wed, Feb 10, 2010 at 3:00 PM, David Hubbard <dhubbard@dino.hostasaurus.com> wrote:
Residential computers with enough bandwidth to DoS hosting providers; that should be fun. Maybe it will
Enough to DoS hosting providers based on _current_ practices. If 1g FTTH catches on, hosting providers will probably want 10/100 Gigabit transfer technology in a short time. For now.. with 1gigabit residential connections, BCP 38 OUGHT to be Google's answer. If Google handles that properly, they _should_ make it mandatory that all traffic from residential customers be filtered, in all cases, in order to only forward packets with their legitimately assigned or registry-issued publicly verifiable IP prefix(es) in the IP source field. Must be mandatory even for 'resellers', otherwise there's no point. And Google should provide _reasonable_ response to investigate manual abuse reports to well-publicized points of contact which go directly to a well-staffed dedicated abuse team, with authority and a clear and expeditious resolution process, as a bare minimum, and in addition to any and all automatic measures. P.S. reasonable abuse response is not defined as a 4-day delayed answer to a 'help, no contact addresses will answer me' post on nanog (long after automated processes finally kicked in).. Reasonable response to a continuous 1gigabit flood or 100 kilopacket flood should be less than 12 hours. If they think things through carefully (rather than copy+paste Google groups e-mail abuse management), it'll probably be alright -- -J