"K. Graham" wrote:
On 8 Feb 2000, Sean Donelan wrote:
Date: 8 Feb 2000 03:25:36 -0800
From: Sean Donelan <sean@donelan.com>
To: nanog@merit.edu
Subject: Yahoo! Lessons Learned

As much as I enjoy finding out about Yahoo & GlobalCenter issues by reading the newswires, I wonder if there are any lessons we can learn from these events. Or was this not big enough to get the attention of upper management?
Possibly.
Was there something Yahoo!, GlobalCenter or other providers could have done, either individually or in cooperation, to prevent the problem?
Yes. One of the emails sent in mentioned that a network they work with or for was being utilized as an amplifier. Each network that has gateway routers should ensure that they disallow IP broadcasts.
Please refer to RFC2644/BCP34 on the subject of directed broadcasts. This RFC recommends router vendors disable directed broadcasts by default. It also recommends ISPs disable directed broadcast on ALL routers. In light of the recent events, it would be good to see a concerted effort made by everyone to ensure this has been done.

Of course as Paul has mentioned, we wrote RFC 2267 several years ago to address this very issue. I strongly encourage folks to take a hard look at ingress filtering. Hardware vendors have implemented features in dialup servers and routers which can help.

While implementing these measures may not directly benefit your network, doing so may thwart an attack against someone else's net. Tomorrow, the roles could be reversed. As with many areas of managing the Internet, cooperation is key.

--
-----------------------------------------------------------------
Daniel Senie dts@senie.com
Amaranth Networks Inc. http://www.amaranthnetworks.com
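The two checks recommended in this thread, modelled as an edge router's forwarding decision. This is an added example, not part of the original messages: the interface names, prefixes and sample packets are constructed (documentation address ranges), and the function names are hypothetical.

```python
import ipaddress

# Constructed topology: prefixes assigned to each customer-facing interface.
CUSTOMER_PREFIXES = {
    "cust-a": [ipaddress.ip_network("192.0.2.0/25")],
    "cust-b": [ipaddress.ip_network("198.51.100.0/24")],
}
# Constructed list of subnets directly attached to this router.
ATTACHED_SUBNETS = [
    ipaddress.ip_network("192.0.2.0/25"),
    ipaddress.ip_network("198.51.100.0/24"),
    ipaddress.ip_network("203.0.113.0/26"),
]

def source_is_legitimate(in_iface, src):
    """RFC 2267 ingress filter: the source address must fall inside a
    prefix assigned to the customer interface the packet arrived on."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in CUSTOMER_PREFIXES.get(in_iface, []))

def is_directed_broadcast(dst):
    """RFC 2644 check: the packet is being forwarded toward the broadcast
    address of an attached subnet (/31 and /32 have no broadcast address)."""
    addr = ipaddress.ip_address(dst)
    return any(net.prefixlen < 31 and addr == net.broadcast_address
               for net in ATTACHED_SUBNETS)

def verdict(in_iface, src, dst):
    """Forwarding decision for one packet; ingress filtering applies only
    on customer-facing interfaces, the broadcast check applies everywhere."""
    if in_iface in CUSTOMER_PREFIXES and not source_is_legitimate(in_iface, src):
        return "drop: source outside assigned prefix"
    if is_directed_broadcast(dst):
        return "drop: directed broadcast"
    return "forward"

# Constructed sample packets: (ingress interface, source, destination).
SAMPLE_PACKETS = [
    ("cust-a", "192.0.2.10", "203.0.113.5"),        # legitimate customer traffic
    ("cust-a", "198.51.100.7", "203.0.113.5"),      # forged source address
    ("upstream", "203.0.113.200", "198.51.100.255"),  # aimed at a subnet broadcast
]

if __name__ == "__main__":
    for pkt in SAMPLE_PACKETS:
        print(pkt, "->", verdict(*pkt))
```

The first check protects other networks from forged traffic leaving yours; the second keeps your subnets from being used as an amplifier.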