[17924] in North American Network Operators' Group
Re: Government scrutiny is headed our way
daemon@ATHENA.MIT.EDU (Kent W. England)
Wed Jun 17 11:42:28 1998
Reply-To: "Kent W. England" <kwe@geo.net>
From: "Kent W. England" <kwe@geo.net>
To: "Jon Lewis" <jlewis@inorganic5.fdt.net>, "Karl Denninger" <karl@mcs.net>
Cc: <nanog@merit.edu>
Date: Wed, 17 Jun 1998 07:17:29 -0700
If software from OFRV can do ingress source address checking without
performance penalty on edge devices, it should be included as a default. It
doesn't make sense to me to run around yelling about strange people in your
house if there is technology that can bar entry. Install the lock that is
already there and lock the door.
We just have to get creative about describing the inclusion of the feature,
attendance at a congressional hearing, a demonstration at an industry
conference, and a well written press release about how "we" are doing
something about the problem. IOPS could do this. NANOG's press secretary or
executive director could do this. :-)
--Kent
From: Jon Lewis <jlewis@inorganic5.fdt.net>
>
>On IOS, aren't packets going through ip access-group filters (that don't
>do logging) fast switched as of some point in 11.2? If ingress filtering
>no longer has to put a huge burdon on router CPUs, it would be nice to see
>ingress filtering on the routers backbone providers talk to customers
>with ...