[26796] in North American Network Operators' Group


Re: ICMP rate limiting on EGRESS (Warning, operational content inside)

daemon@ATHENA.MIT.EDU (Sam Thomas)
Mon Jan 17 04:15:02 2000

Date: Mon, 17 Jan 2000 09:13:03 +0000
From: Sam Thomas <sthomas@lart.net>
To: Randy Bush <randy@psg.com>
Cc: Alex Bligh <amb@gxn.net>, nanog@merit.edu
Message-ID: <20000117091303.A9357@lart.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
In-Reply-To: <E12A3Qr-000GCT-00@rip.psg.com>; from Randy Bush on Sun, Jan 16, 2000 at 08:06:21PM -0800
Errors-To: owner-nanog-outgoing@merit.edu


On Sun, Jan 16, 2000 at 08:06:21PM -0800, Randy Bush wrote:
> 
> > Is this a good idea?
> 
> seems to me that there's sufficient chance that it is a REALLY good idea,
> that folk should seriously try it.

ideas that good should have been implemented a long time ago. OTOH, I am
of the opinion that the real problem is neither ICMP nor IP directed
broadcast. the real problem, as I see it, is spoofed-source packets. the
others are scapegoat accomplices which are more easily corrected, and
therefore more susceptible to brute-force corrective action. there has
been talk, and even a few implementations to correct the real problem, but
it has not gotten the attention or corrective action that it deserves.
perhaps this is because it is impractical to dial into every ISP's modem
banks and determine if they allow spoofed-source packets for the purpose
of creating the ever popular black-list of naughty network operators.

upon further pondering, I came up with this variation on a time-honored
favorite:
the solution: cheap, easy, correct...pick 2.
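The source-address validation the post argues is the real fix, as an added illustration that is not part of the original message or the NANOG archive: a small Python model of an ISP edge that accepts a customer packet only when its source address lies within the prefixes assigned to the interface it arrived on, and drops everything else as spoofed. The interface names, prefixes and sample packets are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """A minimal packet record: arriving interface, source and destination."""
    in_iface: str
    src: str
    dst: str


# Constructed ingress policy for a hypothetical ISP edge router: each customer-facing
# interface lists the prefixes a customer on that interface is allowed to source from.
ALLOWED_SOURCES = {
    "modem-pool-1": [ipaddress.ip_network("192.0.2.0/24")],
    "customer-a": [
        ipaddress.ip_network("198.51.100.0/25"),
        ipaddress.ip_network("198.51.100.128/26"),
    ],
}


def source_allowed(pkt: Packet) -> bool:
    """Return True only if pkt.src belongs to a prefix assigned to pkt.in_iface.

    An interface with no configured prefixes (e.g. an unknown or unprovisioned
    port) accepts nothing, so misconfiguration fails closed.
    """
    nets = ALLOWED_SOURCES.get(pkt.in_iface)
    if not nets:
        return False
    src = ipaddress.ip_address(pkt.src)
    return any(src in net for net in nets)


def filter_packets(packets):
    """Split packets into (accepted, dropped); dropped ones are the spoofed sources."""
    accepted, dropped = [], []
    for pkt in packets:
        (accepted if source_allowed(pkt) else dropped).append(pkt)
    return accepted, dropped


def spoof_counts_by_interface(packets):
    """Per-interface count of dropped packets, the figure an operator would graph or alert on."""
    _, dropped = filter_packets(packets)
    counts = {}
    for pkt in dropped:
        counts[pkt.in_iface] = counts.get(pkt.in_iface, 0) + 1
    return counts


# Constructed sample traffic: two legitimate packets and three with forged sources.
SAMPLE = [
    Packet("modem-pool-1", "192.0.2.17", "203.0.113.5"),      # legitimate dial-up user
    Packet("modem-pool-1", "10.0.0.1", "203.0.113.5"),        # forged source, not in pool
    Packet("customer-a", "198.51.100.130", "203.0.113.9"),    # inside 198.51.100.128/26
    Packet("customer-a", "198.51.100.250", "203.0.113.9"),    # outside both assigned prefixes
    Packet("unknown-port", "192.0.2.17", "203.0.113.5"),      # no policy for this interface
]

if __name__ == "__main__":
    ok, bad = filter_packets(SAMPLE)
    print(f"accepted {len(ok)}, dropped {len(bad)}")
    for pkt in bad:
        print("dropped spoofed-source packet:", pkt)
    print("drops by interface:", spoof_counts_by_interface(SAMPLE))
```

The check is per-interface rather than global on purpose: a source address that is perfectly valid on one customer port is spoofed when it shows up on another, which is exactly the case a blanket "is this address routable" test would miss.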

