On Mon, 22 Jan 2001, Vijay Gill wrote:
From what I can manage to make out of the thread, the impression I get is that people seem to believe that the Tier 1 (what constitutes a tier 1 anyway in todays world?) just needs to throw a switch and turn off a Ddos attack, but that they are too lazy to flip it. Also please realize that just turning off someone's circuit because some j. random person called up and claimed it was sourcing a DDoS attack is often prohibited by policy at various networks, and an exception must be made by senior mgmt in the chain. If every noc just started to turn off interfaces because of a phone call, the results are easy to imagine.
Well, let's take a better example, smurf amps. I have some personal horror stories about running around in circles getting tier1s to turn off their smurf amps originating from their own routers or customers. Eg tier1 router was a smurf amp, it was smurfing, it could be easily verified to smurf, but they would not disable the smurf amp because it would have a "negative impact" on their customers. The fact it was being actively used as a smurf amp didnt seem to matter to them. This was in fact a case of "just flip a switch and turn off the attack". I'm sure others on this list have their share of horror stories as well. The hoops the public had to jump through the past couple years to get tier1s to turn off their smurf amps is mind boggling. And there are tier1s who are *still* actively running smurf amps in their cores. I'm actually suprised noone has filed lawsuits over this. Or maybe someone did and I missed it. -Dan