[27284] in North American Network Operators' Group


Re: Cisco says attacks are due to operational practices

daemon@ATHENA.MIT.EDU (Vijay Gill)
Thu Feb 10 22:05:45 2000

Date: Thu, 10 Feb 2000 21:50:22 -0500 (EST)
From: Vijay Gill <wrath@cs.umbc.edu>
To: Paul Ferguson <ferguson@cisco.com>
Cc: Chris Cappuccio <chris@dqc.org>, nanog@merit.edu
In-Reply-To: <4.2.2.20000210212108.00a33190@lint.cisco.com>
Message-ID: <Pine.SOL.3.95.1000210214755.15999B-100000@mailserver-ng.cs.umbc.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu


On Thu, 10 Feb 2000, Paul Ferguson wrote:

> 
> At 06:13 PM 02/10/2000 -0800, Chris Cappuccio wrote:
> 
> >Filtering incoming or outgoing ports for anybody's network but your own (not
> >your customer's) is wrong.  You know specifically what apps you are running.
> >How can you know what your customer is running or what they want to do?
> 
> Excuse me, but can you please tell me what "application" a downstream
> customer might be running which originates packets for traffic with
> source addresses which they are not advertising (or you are advertising
> for them)?

Trivial.  I've seen several companies with two or more upstreams that are
statically routed by their upstreams with their respective blocks but
default out.

One might argue this is bad, but engineering is all about compromises and
the real world and this happens in the real world. A lot.

/vijay
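
The multihomed case from this exchange, modelled as an added example that is not part of the original message: a customer holds one block from each of two upstreams, each upstream statically routes only its own block, and the customer defaults out through upstream A. The prefixes (documentation ranges), the sample source addresses, and the function names are all constructed assumptions; the second filter, built from every block the customer is known to hold, is one option an operator could choose and is not something the thread prescribes.

```python
import ipaddress

# Constructed scenario (documentation prefixes, not from the original post).
BLOCK_FROM_A = ipaddress.ip_network("192.0.2.0/24")     # routed by upstream A
BLOCK_FROM_B = ipaddress.ip_network("198.51.100.0/24")  # routed by upstream B

# Source addresses of packets arriving at upstream A on the customer-facing
# interface, because the customer defaults out through A:
#   192.0.2.10    - host numbered from A's block
#   198.51.100.20 - host numbered from B's block (legitimate, asymmetric path)
#   203.0.113.7   - address in neither block (forged source)
ARRIVING_AT_A = ["192.0.2.10", "198.51.100.20", "203.0.113.7"]


def build_acl(networks):
    """Return an ingress check that permits only sources inside `networks`."""
    nets = list(networks)

    def permits(src):
        addr = ipaddress.ip_address(src)
        return any(addr in net for net in nets)

    return permits


def evaluate(acl, sources):
    """Split source addresses into (forwarded, dropped) under an ACL."""
    forwarded = [s for s in sources if acl(s)]
    dropped = [s for s in sources if not acl(s)]
    return forwarded, dropped


# Filter 1: A permits only the block it statically routes to the customer.
routed_block_only = build_acl([BLOCK_FROM_A])
# Filter 2 (assumption): A permits every block the customer is known to hold.
all_customer_blocks = build_acl([BLOCK_FROM_A, BLOCK_FROM_B])

if __name__ == "__main__":
    for name, acl in (("routed-block-only", routed_block_only),
                      ("all-customer-blocks", all_customer_blocks)):
        fwd, drop = evaluate(acl, ARRIVING_AT_A)
        print(f"{name}: forwarded={fwd} dropped={drop}")
```

Filter 1 drops the host numbered from B's block along with the forged source; filter 2 forwards both of the customer's blocks and still drops the forged source.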



