[AusNOG] NBN must avoid becoming 'failed state'
Richard Pruss
ric at cisco.com
Tue Sep 21 05:39:58 EST 2010
On 20/09/2010, at 8:29 PM, Dobbins, Roland wrote:
> On Sep 20, 2010, at 4:49 PM, Mark Newton wrote:
>
>> Are you now walking-back the suggestion that death-by-DDoS is "more likely"?
>
> At some point in the near future, it *will* become far more likely than death-by-disconnection, since DDoS, end-node malfunctions brought on by malware, et al. are far more commonplace than disconnections.
>
> Also, please see the bit in the preso about 'leaky' quarantine - whilst the example given was to ensure that VoIP users can still ring emergency services, this applies to other mission-critical applications, as well.

Roland, I am far from convinced that a Layer 2 NBN service should or even could have a sensibly defined quarantine. I certainly think the NBN guys should have some "Security Czar" that looks to their own and works in the community with the security issues and practices.

As for the scalp in hand DDoS scenario, NBN is a layer 2 service and I think we can expect them to deliver their CIR (unpublished, but they said they had one), so with some relatively straightforward network design we should be able to keep the two theatres running (assume one keeps them off the Internet) when other things around the network are under duress.