[50560] in North American Network Operators' Group
Re: NSPs filter?
daemon@ATHENA.MIT.EDU (bmanning@karoshi.com)
Sun Aug 4 23:27:54 2002
From: bmanning@karoshi.com
To: rekoil@semihuman.com (Chris Woodfield)
Date: Mon, 5 Aug 2002 03:23:14 +0000 (UCT)
Cc: bmanning@karoshi.com,
Arabian@ArabChat.Org (Abdullah Bin Hamad - Arabian), nanog@merit.edu
In-Reply-To: <20020805031935.GA25577@semihuman.com> from "Chris Woodfield" at Aug 04, 2002 11:19:35 PM
Errors-To: owner-nanog-outgoing@merit.edu
but wait... you have refined the question. It was "which
NSPs filter", not "which NSPs filter customers"
Different question with a different answer.
>
>
> --FCuugMFkClbJLl1L
> Content-Type: text/plain; charset=us-ascii
> Content-Disposition: inline
> Content-Transfer-Encoding: quoted-printable
>
> IMO, Commercial ISPs should never filter customer packets unless=20
> specifically requested to do so by the customer, or in response to a=20
> security/abuse incident.=20
>
> Consumer ISPs are much more likely to have clauses in the AUPs that are=20
> enforced premptively via packet filtering - antispoof filters (honestly,=20
> antispoof filtering is, IMHO, the one expection to my "commercial ISPs=20
> should not filter" rule), port blocks to prevent customers running=20
> servers, outbound SMTP blocks to off-provider systems to stop direct-to-MX=
> =20
> spamming, ICMP rate limiting, et al. All of which are fine by me as long=20
> as they clearly assert their right to do so in their AUP - that is, as=20
> long as there's a comparable provider I can use instead.
>
> -C
>
> On Sun, Aug 04, 2002 at 02:37:12PM +0000, bmanning@karoshi.com wrote:
> >=20
> > > Good day,
> > >=20
> > > What NSPs do filter packets, and can really deal with DoS and DDoS atta=
> cks?
> > >=20
> > > -Abdullah Bin Hamad A.K.A Arabian
> >=20
> > The shorter shorter list would be the NSPs that do NOT filter
> > packets. I can't think of an NSP that does not filter.
> >=20
> > --bill
>
> --FCuugMFkClbJLl1L
> Content-Type: application/pgp-signature
> Content-Disposition: inline
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.7 (GNU/Linux)
>
> iD8DBQE9Te7GqP/YiunDNcERAt1+AJ0fT1Zp88n+1vDPzMnszf1FZrFRQQCg2u2M
> iGNyH2z/A9SLMwuudeCZILw=
> =pWj4
> -----END PGP SIGNATURE-----
>
> --FCuugMFkClbJLl1L--
>
