[50559] in North American Network Operators' Group
Re: NSPs filter?
daemon@ATHENA.MIT.EDU (Chris Woodfield)
Sun Aug 4 23:23:38 2002
Date: Sun, 4 Aug 2002 23:19:35 -0400
From: Chris Woodfield <rekoil@semihuman.com>
To: bmanning@karoshi.com
Cc: Abdullah Bin Hamad - Arabian <Arabian@ArabChat.Org>,
nanog@merit.edu
In-Reply-To: <200208041437.OAA17395@vacation.karoshi.com>
Errors-To: owner-nanog-outgoing@merit.edu
--FCuugMFkClbJLl1L
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
IMO, Commercial ISPs should never filter customer packets unless=20
specifically requested to do so by the customer, or in response to a=20
security/abuse incident.=20
Consumer ISPs are much more likely to have clauses in the AUPs that are=20
enforced premptively via packet filtering - antispoof filters (honestly,=20
antispoof filtering is, IMHO, the one expection to my "commercial ISPs=20
should not filter" rule), port blocks to prevent customers running=20
servers, outbound SMTP blocks to off-provider systems to stop direct-to-MX=
=20
spamming, ICMP rate limiting, et al. All of which are fine by me as long=20
as they clearly assert their right to do so in their AUP - that is, as=20
long as there's a comparable provider I can use instead.
-C
On Sun, Aug 04, 2002 at 02:37:12PM +0000, bmanning@karoshi.com wrote:
>=20
> > Good day,
> >=20
> > What NSPs do filter packets, and can really deal with DoS and DDoS atta=
cks?
> >=20
> > -Abdullah Bin Hamad A.K.A Arabian
>=20
> The shorter shorter list would be the NSPs that do NOT filter
> packets. I can't think of an NSP that does not filter.
>=20
> --bill
--FCuugMFkClbJLl1L
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQE9Te7GqP/YiunDNcERAt1+AJ0fT1Zp88n+1vDPzMnszf1FZrFRQQCg2u2M
iGNyH2z/A9SLMwuudeCZILw=
=pWj4
-----END PGP SIGNATURE-----
--FCuugMFkClbJLl1L--
