[ppml] 4.4.2 Micro-allocations for anycast services
Owen DeLong
owen at delong.com
Tue Apr 11 11:10:53 EDT 2006
--On April 11, 2006 10:07:41 AM -0400 Scott Leibrand
<sleibrand at internap.com> wrote:
> On 04/11/06 at 10:00am -0400, Owen DeLong <owen at delong.com> wrote:
>
>> However, because at least part of the intent of many anycast
>> implementations is to overcome DDoS, it is at least desirable in many of
>> those cases to be able to put your anycast stuff in a block that is not
>> directly associated with your existing infrastructure.
>
> Perhaps. This strikes me as a "security through obscurity" argument,
> though.
>
Not exactly.
A lot of DDoS stuff scans contiguous address ranges. If your
DDoS-resistant targets are in a /24 that is part of your larger
blocks, then the scans are not at all unlikely to spill over
into your non-resistant unicast services. If your anycast
stuff is in a non-contiguous block, this is less likely.
The overall impact to the routing table remains the same.
>> Just out of curiosity, does the information above address your quibble?
>
> I'm not sure. I'm having a hard time coming up with any strong opinions
> on this subject. I think I used them all up on PI. :)
>
LOL
Owen