CLM> From: Christopher L. Morrow
CLM> This can be VERY dangerous, the default part atleast. At one CLM> point we, as an experiment in stupidity (it turns out) CLM> announced 0/1 (almost default). We quickly recieved well CLM> over 600kpps to that announcement. This in a very steady
Announced via IGP or BGP? I hope/assume the former, but am somewhat surprised at the traffic volume... even for UUNet.
I'm not surprised. My experience with defaults in ISPs is the same. The router advertising the default (or any large prefix) becomes a "packet vacuum" for any spoofed source packet returning backscatter and all those other auto-bots and worms looking for vulnerable machines. It turns the router into a sink hole. What saves many providers today is that these large route injections are spread across all their peering routers. This is like anycasting the prefix advertisements. People are discussing is putting these advertisements on anycasted Sink Holes. So instead of having the CIDR prefixes and the Null 0 lock-ups on the peering routers, you would put them on anycast Sink Hole routers. The anycast spreads the packet black hole load over several sink holes spread over the network. Barry