[118544] in North American Network Operators' Group


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: ISP port blocking practice

daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Fri Oct 23 01:30:17 2009

To: Jon.Kibler@aset.com
In-Reply-To: Your message of "Thu, 22 Oct 2009 22:36:13 EDT."
	<4AE1169D.2040409@aset.com>
From: Valdis.Kletnieks@vt.edu
Date: Fri, 23 Oct 2009 01:29:01 -0400
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

--==_Exmh_1256275741_3496P
Content-Type: text/plain; charset=us-ascii

On Thu, 22 Oct 2009 22:36:13 EDT, Jon Kibler said:

>    4) Never allow traffic to ingress any network if the source address is bogus.

4a) Never flag a source address as bogus unless you can verify it is bogus
*today*, not when you installed the filter.  Out of date bogon filters are evil.


--==_Exmh_1256275741_3496P
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001

iD8DBQFK4T8dcC3lWbTT17ARAoqJAJ9cc3z8LD/IlW2e4CIa0acfcSCgRgCfc8q8
uaswK45d1osOZ0YfvUR8Ngk=
=gmtG
-----END PGP SIGNATURE-----

--==_Exmh_1256275741_3496P--


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[118544] in North American Network Operators' Group

Re: ISP port blocking practice

daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)Fri Oct 23 01:30:17 2009

daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Fri Oct 23 01:30:17 2009