It seems like most of the routers which would need to make this decision wouldn't have adequate information upon which to do so...
not necessarily. the decision could be made in "near real time" by building prefix filters based on the algorithms that josh and co have worked on and leaving a 'default deny' in place. this moves the routing decision off of the router (which i agree does not have the history or resources to take these additional vectors of information into account) and over to a server with more storage and computational capacity.
The 'core' routers are definitely the best informed, though other ASs which are multi-homed also come across a substantial bit of information through updates. Yet if only the core ASs were to run such a solution, it would be sufficient to suppress most attacks for at least a day. The paper has more detail on that situation.
participants (1)
-
Josh Karlin