Are you actually saying that providers in the middle should build their networks to accommodate any amount of DDOS traffic their ingress can support instead of filtering it at their edge? How do you expect them to pay for that? Do you really want $10,000/megabit transit costs? Owen --On Friday, October 31, 2003 7:43 AM -0500 Alex Yuriev <alex@yuriev.com> wrote:
It is content filtering. You are filtering packets that you think are causing problems to the ES that you may not control.
No, he said quite clearly he's filtering packets (such as Nachi ICMP) that are causing harm to *his* network. He gets to make a choice - filter the known problem packets so the rest of the traffic can get through, or watch the network melt down and nobody gets anything.
He needs to fix his network so those 92 byte ICMP packets wont break it.
Alex
-- If it wasn't signed, it probably didn't come from me.