[26805] in North American Network Operators' Group
Re: ICMP rate limiting on EGRESS (Warning, operational content inside)
daemon@ATHENA.MIT.EDU (Sam Thomas)
Mon Jan 17 12:27:36 2000
Date: Mon, 17 Jan 2000 17:26:07 +0000
From: Sam Thomas <sthomas@lart.net>
To: Sean Donelan <sean@donelan.com>
Cc: bmanning@vacation.karoshi.com, nanog@merit.edu
Message-ID: <20000117172607.C9357@lart.net>
In-Reply-To: <20000117160736.22827.cpmta@c004.sfo.cp.net>; from Sean Donelan on Mon, Jan 17, 2000 at 08:07:36AM -0800
Errors-To: owner-nanog-outgoing@merit.edu

On Mon, Jan 17, 2000 at 08:07:36AM -0800, Sean Donelan wrote:
> Or is this a case, if we had thought about it, we would have prohibited
> it at the start; but now it's in the wild we don't know how to get it back
> in the barn.

this is my thinking exactly. at least I hope that had the potential for
abuse of spoofed-source been thought about in the early days, that it
would not be something we're battling with hacks now.

clever hacks are nice, but when they are in response to a design problem,
they should only last as long as it takes to correct the design problem, and
the focus should be on correcting the design problem.