[31970] in North American Network Operators' Group
Re: DoS attacks, NSPs unresponsiveness
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Thu Nov 2 10:35:16 2000
Message-Id: <200011021529.eA2FTY428206@black-ice.cc.vt.edu>
To: Mark Mentovai <mark-list@mentovai.com>
Cc: nanog@merit.edu
In-Reply-To: Your message of "Thu, 02 Nov 2000 09:59:04 EST."
<Pine.GSO.4.21.0011020958420.26984-100000@pine.ggn.net>
From: Valdis.Kletnieks@vt.edu
Mime-Version: 1.0
Content-Type: multipart/signed; boundary="==_Exmh_-838519868P";
micalg=pgp-sha1; protocol="application/pgp-signature"
Content-Transfer-Encoding: 7bit
Date: Thu, 02 Nov 2000 10:29:34 -0500
Errors-To: owner-nanog-outgoing@merit.edu
--==_Exmh_-838519868P
Content-Type: text/plain; charset=us-ascii
On Thu, 02 Nov 2000 09:59:04 EST, Mark Mentovai <mark-list@mentovai.com> said:
> This can't go on forever. I'd like to spread the clue about ingress
> filtering, and am willing to commit time to the cause. Is anyone with me?
The problem is that for many ISPs, I fear the only way to get them to
implement 2827-style filtering is for their upstreams to implement a
policy of fascist-mode ingress filtering - "We see a bogon packet that
your site should have filtered, we pull the plug on your link till you
fix it".
Time alone won't be enough. Bring a baseball bat. And a spare bat.
--
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech
--==_Exmh_-838519868P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8
Comment: Exmh version 2.2 06/16/2000
iQA/AwUBOgGIXnAt5Vm009ewEQI/zQCfSKRjO5LG04qkyTL0TJvfZo3Ts6UAoNg3
AQliNn+CNqNJdVD2PNURJgvv
=oc7l
-----END PGP SIGNATURE-----
--==_Exmh_-838519868P--
