[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: draft-ietf-opsec-filter-caps-08.txt
On Jun 28, 2007, at 9:01 AM, Danny McPherson wrote:
Was this an oversight or aim I missing
something?
I think the idea is to note that while (hopefully) mitigating the
effects of the attack for the target(s), the imposition of such
filters would then break any PMTU-D from the perspective of those
target(s) as long as it was left in place (which may well be an
acceptable tradeoff in exchange for ameliorating the effects of a
substantial ICMP-based DDoS, of course), and of course many temporary
measures tend to become permanent due to operational entropy. The
verbiage should probably be massaged a bit to more accurately reflect
this.
----------------------------------------------------------------------
Roland Dobbins <rdobbins@cisco.com> // 408.527.6376 voice
Equo ne credite, Teucri.
-- Laocoön