[36177] in North American Network Operators' Group
RE: dsl providers that will route /24
daemon@ATHENA.MIT.EDU (Jason Slagle)
Thu Mar 29 12:42:58 2001
Date: Thu, 29 Mar 2001 12:40:33 -0500 (EST)
From: Jason Slagle <raistlin@tacorp.net>
To: David Schwartz <davids@webmaster.com>
Cc: Tim Winders <twinders@SPC.cc.tx.us>, Valdis.Kletnieks@vt.edu,
nanog@nanog.org
In-Reply-To: <NCBBLIEPOCNJOAEKBEAKEEDNOBAA.davids@webmaster.com>
Message-ID: <Pine.BSO.4.21.0103291236560.17475-100000@mail.tacorp.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu
--
Jason Slagle - CCNP - CCDA
Network Administrator - Toledo Internet Access - Toledo Ohio
- raistlin@tacorp.net - jslagle@toledolink.com - WHOIS JS10172
/"\ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
\ / ASCII Ribbon Campaign . If dreams are like movies then memories
X - NO HTML/RTF in e-mail . are films about ghosts..
/ \ - NO Word docs in e-mail . - Adam Duritz - Counting Crows
On Wed, 28 Mar 2001, David Schwartz wrote:
> I'll go one further -- if you're not going to investigate suspicious
> traffic (because it's too expensive or you're too lazy or whatever), it's
> probably better that you filter than not. At least that way you might
> minimize the damage done to others, and that's certainly a good thing.
>
> I don't have a problem with filtering traffic that can't possibly be
> legitimate. If you're one of those people who agrees that packets with
> RFC1918 source IPs have no place on the Internet, then filter that. You can
> even advocate that others filter it, because it has no possibility of
> blocking legitimate traffic.
>
> What I do oppose is militant filtering advocacy where those filters will
> filter out legitimate traffic. ISP's should not feel coerced into "erring on
> the side of security" by filtering their customer's possibly legitimate
> traffic when there are reasonable alternatives. In this case, there is --
> allow, analyze, follow up, filter if and where neccessary.
Thats all well and good if you are going to have someone monitor the logs
of these packets 24x7, but if you have a customer get hacked and start
spewing shitloads of spoofed sourced packets at various networks (Insert
your favorite DDOS Drone here), then the damage is high, immediate, and
done by the time you notice it in most cases.
Jason
