[40515] in North American Network Operators' Group


Re: [NANOG] Was: Code Red 2 cleanup -- SHOULD NSPs PULL THE PLUG?

daemon@ATHENA.MIT.EDU (z@s0be.net)
Fri Aug 10 19:33:30 2001

Date: Fri, 10 Aug 2001 16:30:20 -0700 (PDT)
From: <z@s0be.net>
To: matt carter <matt@iseek.com.au>
Cc: Etaoin Shrdlu <shrdlu@deaddrop.org>, <nanog@nanog.org>
In-Reply-To: <Pine.LNX.4.21.0108110835180.4694-100000@stimpy.iseek.com.au>
Message-ID: <Pine.GSO.4.33.0108101616470.6411-100000@power.s0be.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu




On Sat, 11 Aug 2001, matt carter wrote:

> I don't think in any situation, aggravating the problem by 'returning
> fire' serves any purpose. Put filters on your routers if it's that much of
> a problem, get your upstream to do likewise if it's that serious..
>


<--( SNIP )-->

Helu,


  In the case of a lot of networks that are affected by this problem in
particular, putting filters on your routers isn't a solution.  It
localizes the problem, sure, however do you just let the problem continue
ad infinitum?

  Also, the filtering of ingress/egress scanning attempts can be fairly
resource intensive and is a very short-term 'measure' ( I say measure,
because it doesn't offer a solution ).  You might not 'return fire', but
you should probably be thinking further ahead to an ultimate solution.  In
doing so, what are the possible solutions.. and how does elapsed time come
into play when determining which solution fits the situation?

  This extends past the Code Red debacle, and into the ethereal 'what
if?'.


.z

