On Thu, 4 Sep 2003, Matt Ploessel wrote:
With the exception of RPC1918 reserved address space (note the previous rootserver query problem), what amount of bogus sourced traffic is stopped by bogons on a major backbone? I would say _alot_ of DDoS traffic, however how hard is it for a DDoS client to know the bogon ip ranges and skip them? I'm a very strong supporter of the bogons and especially the bogons route servers without a doubt, but possibly null route RFC1918 traffic to loopbackX(no ip unreachable, ACL etc.) and the rest of the bogons to null0 just to so a general consensus/statistics of hits on major backbones can be compiled.
keep in mind its not destination addresses that are the problem here, BUT if it was, on an experiment (not a very smart one) we routed 0/1 to a lab system inside 701 once in 2001 (as I recall, so before nimda/code-red/blaster) and recieved +600kpps of garbage traffic as a result. Trying to acl/analyze/deal-with that flow was almost impossible... I'm not sure what you want to do with it today when our 'sinkhole' network is consistently handling +20kpps (5x previous) MORE of random garbage than 3 weeks ago, before blaster/nachi started to cause more pain :(