[27288] in North American Network Operators' Group
Re: Cisco says attacks are due to operational practices
daemon@ATHENA.MIT.EDU (John M. Brown)
Thu Feb 10 23:51:59 2000
Message-ID: <20000210220720.C9859@abq-mail-01.ihighway.net>
Date: Thu, 10 Feb 2000 22:07:20 -0700
From: "John M. Brown" <jmbrown@ihighway.net>
To: Vijay Gill <wrath@cs.umbc.edu>,
Paul Ferguson <ferguson@cisco.com>
Cc: Chris Cappuccio <chris@dqc.org>, nanog@merit.edu
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
In-Reply-To: <Pine.SOL.3.95.1000210214755.15999B-100000@mailserver-ng.cs.umbc.edu>; from Vijay Gill on Thu, Feb 10, 2000 at 09:50:22PM -0500
Errors-To: owner-nanog-outgoing@merit.edu

One would assume that those upstreams know about the various blocks.
If one of our customers starts blowing packets towards us with SRC IP
not being something we know about, we drop it. Period. If they tell
us, we add it to the ACL.

On Thu, Feb 10, 2000 at 09:50:22PM -0500, Vijay Gill wrote:
>
> On Thu, 10 Feb 2000, Paul Ferguson wrote:
>
> >
> > At 06:13 PM 02/10/2000 -0800, Chris Cappuccio wrote:
> >
> > >Filtering incoming or outgoing ports for anybody's network but your own (not
> > >your customer's) is wrong. You know specifically what apps you are running.
> > >How can you know what your customer is running or what they want to do?
> >
> > Excuse me, but can you please tell me what "application" a downstream
> > customer might be running which originates packets for traffic with
> > source addresses which they are not advertising (or you are advertising
> > for them)?
>
> Trivial. I've seen several companies with two or more upstreams that are
> > statically routed by their upstreams with their respective blocks but
> default out.
>
> One might argue this is bad, but engineering is all about compromises and
> the real world and this happens in the real world. A lot.
>
> /vijay
>
>
>
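
The policy discussed in this thread, as an added sketch that is not part of any poster's message: a per-customer source-address ACL on the customer-facing interface, run against the multihomed case raised in the quoted reply (a customer holding a block from each of two upstreams but defaulting out through one). The customer name, the documentation prefixes and the packet list are constructed for illustration.

```python
import ipaddress


class IngressFilter:
    """Per-customer source-address ACL on the customer-facing interface."""

    def __init__(self):
        self.acl = {}  # customer name -> list of permitted source networks

    def permit(self, customer, prefix):
        """Add a block the customer has told us about to that customer's ACL."""
        self.acl.setdefault(customer, []).append(ipaddress.ip_network(prefix))

    def check(self, customer, src_ip):
        """Permit only sources inside a block we know for this customer."""
        src = ipaddress.ip_address(src_ip)
        nets = self.acl.get(customer, [])
        known = any(src.version == n.version and src in n for n in nets)
        return "permit" if known else "drop"

    def run(self, customer, packets):
        """Return the verdict for each packet source, in order."""
        return [(src, self.check(customer, src)) for src in packets]


# Constructed sample: "cust-a" is statically routed 192.0.2.0/24 by us and
# 198.51.100.0/24 by a second upstream, and defaults out through us.
PACKETS = [
    "192.0.2.10",    # source in the block we route for the customer
    "198.51.100.7",  # source in the other upstream's block, sent via us
    "203.0.113.99",  # source in no block the customer holds
]


def demo():
    f = IngressFilter()
    f.permit("cust-a", "192.0.2.0/24")
    before = f.run("cust-a", PACKETS)    # second block not yet reported to us
    f.permit("cust-a", "198.51.100.0/24")  # customer tells us; ACL updated
    after = f.run("cust-a", PACKETS)
    return before, after


if __name__ == "__main__":
    for label, result in zip(("before", "after"), demo()):
        print(label, result)
```

Until the second block is added, legitimate traffic sourced from it is dropped along with the unknown source; afterwards only the unknown source is dropped.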