North American Network Operators Group
Re: What do you want your ISP to block today?
- From: Jack Bates
- Date: Sat Aug 30 12:37:29 2003
Rob Thomas wrote:
Yes. While I hate to admit it, the one thing worse than not applying
filters is applying them incorrectly. A good example would be the icmp
rate limits. It's one thing to shut off icmp, or even filtering 92 byte
icmp. The second someone rate-limits icmp echo/reply, they have just destroyed
the number one network troubleshooting and performance testing tool. If
it was a full block, one would say "it's filtered". Yet with rate
limiting, you just see sporadic results; sometimes good, sometimes high
latency, sometimes dropped.
Oh, good gravy! I have a news flash for all of you "security experts"
out there: The Internet is not one, big, coordinated firewall with a
handy GUI, waiting for you to provide the filtering rules. How many
of you "experts" regularly sniff OC-48 and OC-192 backbones for all
those naughty packets? Do you really want ISPs to filter the mother
of all ports-of-pain, TCP 80?
Filter edges, and if you apply a backbone filter, apply it CORRECTLY!
Rate-limiting icmp is not correct.
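As an added illustration of the rate-limiting point above (example code written for this edit, not part of Jack Bates's or Rob Thomas's posts), the following simulation runs a one-packet-per-second ping through three backbone policies: no filter, a full block, and a per-second ICMP packet quota. The background traffic figures and the 20 pps budget are constructed assumptions, not measurements; the model of the policer (first N packets per second pass, the rest drop) is a deliberate simplification of a real rate limiter.

```python
"""Why rate-limited ICMP looks 'sporadic' to the person pinging.

Added example, not from the NANOG post. A 1 pps ping shares the ICMP
policer budget with other ICMP traffic (here, a constructed worm-scan
pattern). Whether any given probe gets through depends on traffic the
person pinging cannot see, so the result is neither 'works' nor
'filtered' but a mix of both.
"""
from typing import Callable, List

# Constructed background ICMP load in packets per second reaching the same
# policer as our ping (think of a worm's echo-request scan). Bursty on purpose.
BACKGROUND_PPS: List[int] = [0, 0, 40, 3, 60, 0, 80, 0, 0, 50, 4, 90]

Policy = Callable[[int], bool]  # preceding packets this second -> forwarded?


def no_filter(preceding: int) -> bool:
    """Nothing filtered: every echo request and reply is forwarded."""
    return True


def full_block(preceding: int) -> bool:
    """ICMP echo/reply dropped outright, every time."""
    return False


def make_rate_limit(budget_pps: int) -> Policy:
    """Simplified policer: forward only the first `budget_pps` ICMP packets
    of each one-second interval and drop the rest. Assumption for the
    example; real policers use token buckets, but the effect on a probe
    competing with bursty background traffic is the same."""
    def policy(preceding: int) -> bool:
        return preceding < budget_pps
    return policy


def run_ping(policy: Policy, background: List[int] = BACKGROUND_PPS) -> str:
    """Send one echo request per second through `policy` and return a
    ping-style pattern: '!' for a reply, '.' for a timeout. The probe is
    sent mid-second, so about half of that second's background traffic
    has already used up budget before the probe reaches the policer."""
    pattern = []
    for bg in background:
        preceding = bg // 2
        pattern.append('!' if policy(preceding) else '.')
    return ''.join(pattern)


def loss_pct(pattern: str) -> float:
    """Packet loss as ping would report it."""
    return 100.0 * pattern.count('.') / len(pattern)


def classify(pattern: str) -> str:
    """What the person running ping can, and cannot, conclude."""
    if '!' not in pattern:
        return 'filtered'            # consistent: "it's filtered", move on
    if '.' not in pattern:
        return 'clean'
    return 'intermittent loss'       # policer? congestion? bad link? can't tell


if __name__ == '__main__':
    for name, policy in [('no filter', no_filter),
                         ('full block', full_block),
                         ('rate limit 20 pps', make_rate_limit(20))]:
        pat = run_ping(policy)
        print(f'{name:18} {pat}  loss {loss_pct(pat):5.1f}%  -> {classify(pat)}')
```

The rate-limited run is the troublesome one: the ping itself never exceeds 1 pps, yet it shows 40-odd percent loss in a pattern that changes with whatever else is hitting the policer at that moment. A policer that queues instead of drops (a shaper) produces the "sometimes high latency" variant of the same ambiguity. Either way the engineer at the far end sees something that looks like a congested or faulty path rather than a deliberate filter.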