On Mon, Jan 17, 2000 at 04:35:58PM +0000, Alex Bligh wrote:
Sean Donelan wrote:
Or is this a case, if we had thought about it, we would have prohibited it at the start; but now its in the wild we don't know how to get it back in the barn.
Mmmm... we got onto this argument by someone implying we wouldn't need this sort of defensive technique (ICMP rate limiting on egress) if source-spoofed weren't transmittable (or weren't widely transmittable).
if we're getting into an argument, then just forget it. I would much rather see a proper discussion of the matter, with useful solutions.
I agree. However as you are demonstrating, whilst getting to this utopia would be great, getting there will take a long time. I'm sure we *might* also fix DoS attacks using some sort of interprovider MPLS or like to provide QoS negotiation (and that'll also give you non-destination based routing) .... and I bet that even if this could be got to work, it would take even longer.
the point I am trying to make is that ICMP rate limiting is duct-tape, and won't fix the problem long-term. rate-limiting at egress points is a good idea, will plug an immediate leak, make the exchanges safer, and help curb a growing problem, but it is not a long-term solution. we need to make a commitment and determine a correct course of action to get to the "utopia" in the long term. it is my fear that as we focus on installing stop-gaps one after the other, we will eventually break legitimate networking. if nobody is interested in working on things that will take a long time to implement, then we are already doomed to failure.
In the mean time, ICMP rate limiting is here now and deployable for most people at these exchangepoints today.
it is exactly this mode of thinking that prevents folks from focusing on good long-term engineering solutions. it's quick, easy, and fixes the problem until it breaks and we have to come up with yet another clever tape-on hack.