North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
RE: dsl providers that will route /24
- From: John Fraizer
- Date: Fri Mar 30 03:49:07 2001
On Thu, 29 Mar 2001, David Schwartz rambled on as if he had a CLUE about:
> > Source filters would mean that those attacks would be identifiable
> > period, which they are not now.
> Not so. You could still never be sure whether the attack was spoofed or
> not. That the address the attacks appear to come from employ source filters
> doesn't help you.
David, you're only showing the WHOLE WORLD that you DON'T KNOW WHAT THE
^#&* YOU'RE TALKING ABOUT!!!!!!
If someone tries to source an address we don't allow, it DIES INSIDE OUR
NETWORK *AND LOGS AN ATTEMPT*!!!
Lets look at this. It *DID NOT* make it out to the global internet and it
*DID* catch our attention. *WIN WIN SITUATION*!!!!!!!!!
Tell me where I'm wrong. PLEASE!
> At least if they're spoofed and the origin network logs packets
> that appear spoofed, the one off attack will be investigated and
> whatever caused it to happen will be actually fixed. If it's not
You can NOT be this uneducated, can you? How can ALLOWING the attack to
take place by not filtering be any better than BLOCKING it and seeing in
the logs that it was attempted and thumping the appropraite customer?
I've watched this go on for a week and I've come to the (hopefully
mistaken) conclusion that you're just a lazy ass who refuses to do
PREVENTATIVE filtering in hopes that there won't be a problem.
The ONLY reason you could have for NOT filtering is that you hope that the
NOC of the network being DoS'd will be able to track YOUR network down as
a source and THUMP you their self!
Either that or your customers are such dumb %&cks that they can't manage
to tell you what source IP's they'll have.... In which case, THEY SHOULD
BE FILTERED 100x over to begin with!
> spoofed, it won't trigger anything at its origin, and odds are the
> origin site will be unable to do anything because the attack may have
> been spoofed and there will be no local logs.
What are you talking about? LOG AT INGRESS!!!! Investigate the
logs. It's that simple. You just seem too %&*#^%#* lazy to do so.
> So long as spoofing is possible, you cannot be sure where an attack came
> from unless you can either log it at its source or trace the stream to its
> source. That's the problem, and filters don't fix that.
Son, spoofing is possible AS LONG AS INGRESS CONNECTIONS ARE NOT FILTERED
BY SOURCE ADDRESS!
I'm tired and bored of people like you. Plain and simple. Consider
yourself filtered as a preventative measure.
My sentiments EXACTLY.