Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: dsl providers that will route /24

  • From: Jason Slagle
  • Date: Thu Mar 29 12:43:52 2001



-- 
Jason Slagle - CCNP - CCDA
Network Administrator - Toledo Internet Access - Toledo Ohio
- raistlin@tacorp.net - jslagle@toledolink.com - WHOIS JS10172
/"\ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
\ /   ASCII Ribbon Campaign  . If dreams are like movies then memories
 X  - NO HTML/RTF in e-mail  .   are films about ghosts..
/ \ - NO Word docs in e-mail .     - Adam Duritz - Counting Crows


On Wed, 28 Mar 2001, David Schwartz wrote:

> 	I'll go one further -- if you're not going to investigate suspicious
> traffic (because it's too expensive or you're too lazy or whatever), it's
> probably better that you filter than not. At least that way you might
> minimize the damage done to others, and that's certainly a good thing.
> 
> 	I don't have a problem with filtering traffic that can't possibly be
> legitimate. If you're one of those people who agrees that packets with
> RFC1918 source IPs have no place on the Internet, then filter that. You can
> even advocate that others filter it, because it has no possibility of
> blocking legitimate traffic.
> 
> 	What I do oppose is militant filtering advocacy where those filters will
> filter out legitimate traffic. ISP's should not feel coerced into "erring on
> the side of security" by filtering their customer's possibly legitimate
> traffic when there are reasonable alternatives. In this case, there is --
> allow, analyze, follow up, filter if and where neccessary.

Thats all well and good if you are going to have someone monitor the logs
of these packets 24x7, but if you have a customer get hacked and start
spewing shitloads of spoofed sourced packets at various networks (Insert
your favorite DDOS Drone here), then the damage is high, immediate, and
done by the time you notice it in most cases.

Jason






Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.