Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: NSPs filter?

  • From: Richard A Steenbergen
  • Date: Mon Aug 05 11:20:42 2002

On Sun, Aug 04, 2002 at 09:15:26PM -0700, Stephen Stuart wrote:
> 
> > IMO, Commercial ISPs should never filter customer packets unless
> > specifically requested to do so by the customer, or in response to a
> > security/abuse incident.
> 
> Let's say the customer operates some big enterprise network, runs
> their infrastructure in RFC1918 space ("for security," hah), and spews
> a couple kilobits of DNS query from that RFC1918 space toward the root
> nameservers. Assume that either pride or ignorance will prevent the
> customer from ever asking you to filter what you know to be garbage
> traffic. Does your rule to "never filter customer packets" mean you're
> going to sit and watch those packets go by?
> 
> If yes, why?

One would hope that, unless there is a complaint, you wouldn't be invading
their private to look at their traffic in the first place.

If a root server operator complained about it, I'd say thats reasonable
grounds to filter it and contact the customer, the same as if they had a
compromised box spewing out DoS.

Filtering piddly stuff like this without consultation is usually unwelcome
at best, and a disruption at worst. It is also a serious investment of
time and acl resources which could be better spent somewhere else. And
lastly, it sets a bad precedent for what ISPs "can" do to proactively
filter. After all, if we "can" do this, why can't we also filter illegal
MP3 exchanges too.

-- 
Richard A Steenbergen <ras@e-gerbil.net>       http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177  (67 29 D7 BC E8 18 3E DA  B2 46 B3 D8 14 36 FE B6)




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.