[27111] in North American Network Operators' Group

Re: Yahoo! Lessons Learned

daemon@ATHENA.MIT.EDU (Andrew Brown)
Wed Feb 9 12:34:56 2000

Date: Wed, 9 Feb 2000 12:27:34 -0500
From: Andrew Brown <twofsonet@graffiti.com>
To: Vadim Antonov <avg@kotovnik.com>
Cc: nanog@nanog.org
Message-ID: <20000209122734.A9089@noc.untraceable.net>
Reply-To: Andrew Brown <atatat@atatdot.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
In-Reply-To: <200002090726.XAA08147@kitty.kotovnik.com>; from avg@kotovnik.com on Tue, Feb 08, 2000 at 11:26:49PM -0800
Errors-To: owner-nanog-outgoing@merit.edu


>The DoS prevention functions (not letting directed bcast in, and not letting
>forged addresses out) should be done at provider's side.

nope, won't work.  well...it might, but you also might find very irate
customers jumping up and down screaming about the filtering.  the
provider simply cannot know what is and what is not a broadcast
address, simply because the customer gets to set up their own
networks.

i, for one, am using what is "technically" a broadcast address as a
unicast address (think point to point).  others may be doing the same.
just because an address is on one end or another of a cidr block (or c
or b block), doesn't mean that it's broadcast.

-- 
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org             * "ah!  i see you have the internet
twofsonet@graffiti.com (Andrew Brown)                that goes *ping*!"
andrew@crossbar.com       * "information is power -- share the wealth."
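
Added example, not part of the original message: a short Python check of the point made above, that the set of directed-broadcast addresses depends on the customer's own subnet plan and cannot be read off the aggregate block. The 10.0.0.0/23 block, the three subnet plans, and the "last address of every /24" provider guess are all constructed assumptions; treating a /31 as a point-to-point link with no broadcast address is also an assumption of this example.

```python
import ipaddress

def directed_broadcasts(plan):
    """Directed-broadcast addresses for a customer's actual subnet plan."""
    found = set()
    for cidr in plan:
        net = ipaddress.ip_network(cidr)
        # Assumption: /31 point-to-point links and /32 host routes carry
        # no broadcast address, so both ends are plain unicast.
        if net.prefixlen <= 30:
            found.add(net.broadcast_address)
    return found

def provider_guess(block):
    """Hypothetical provider-side rule: last address of every /24 in the block."""
    agg = ipaddress.ip_network(block)
    return {sub.broadcast_address for sub in agg.subnets(new_prefix=24)}

def compare(block, plan):
    """Show where the provider-side guess disagrees with the real plan."""
    actual = directed_broadcasts(plan)
    guess = provider_guess(block)
    return {
        # unicast addresses the filter would drop traffic to
        "wrongly_blocked": [str(a) for a in sorted(guess - actual)],
        # real directed-broadcast addresses the filter would let through
        "missed": [str(a) for a in sorted(actual - guess)],
    }

# Constructed sample data: one provider-assigned block, three customer layouts.
BLOCK = "10.0.0.0/23"
PLANS = {
    "flat /23": ["10.0.0.0/23"],
    "mixed subnets": ["10.0.0.0/26", "10.0.0.64/26", "10.0.0.128/25", "10.0.1.0/24"],
    "point-to-point at the top": ["10.0.0.0/24", "10.0.1.254/31"],
}

if __name__ == "__main__":
    for name, plan in PLANS.items():
        print(name, compare(BLOCK, plan))
```

The same aggregate gives a different answer for each plan, which is why a filter for directed broadcast is normally applied on the router that owns the subnet, where the mask is known.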
