[26800] in North American Network Operators' Group
Re: ICMP rate limiting on EGRESS (Warning, operational content inside)
daemon@ATHENA.MIT.EDU (bmanning@vacation.karoshi.com)
Mon Jan 17 10:22:44 2000
From: bmanning@vacation.karoshi.com
Message-Id: <200001171552.HAA14758@vacation.karoshi.com>
To: sthomas@lart.net (Sam Thomas)
Date: Mon, 17 Jan 2000 07:52:26 -0800 (PST)
Cc: randy@psg.com (Randy Bush), amb@gxn.net (Alex Bligh),
nanog@merit.edu
In-Reply-To: <20000117091303.A9357@lart.net> from "Sam Thomas" at Jan 17, 2000 09:13:03 AM
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Errors-To: owner-nanog-outgoing@merit.edu
> > > Is this a good idea?
> >
> > seems to me that there's sufficient chance that it is a REALLY good idea,
> > that folk should seriously try it.
>
> ideas that good should have been implemented a long time ago. OTOH, I am
> of the opinion that the real problem is neither ICMP nor IP directed
> broadcast. the real problem, as I see it, is spoofed-source packets. the
> ....
>
> upon further pondering, I came up with this variation on a time-honored
> favorite:
> the solution: cheap, easy, correct...pick 2.
Source routing and connection based services are creaping into
the Internet, slowly but surely. Both are a far cry from the
destination forwarding and connectionless service that I grew
up with.
--bill
