[57934] in North American Network Operators' Group
Re: Open relays and open proxies
daemon@ATHENA.MIT.EDU (Curtis Maurand)
Mon Apr 28 00:19:07 2003
From: Curtis Maurand <curtis@maurand.com>
To: <bdragon@gweep.net>, nanog@merit.edu
Date: Mon, 28 Apr 2003 00:12:14 -0400
In-Reply-To: <20030426203407.20321.qmail@sidehack.sat.gweep.net>
Errors-To: owner-nanog-outgoing@merit.edu
It was explained to me by one of the kind folks at isc.org that my assertions
were incorrect and why. I now stand corrected. my humblest apologies for
the use of the bandwidth.
Curtis
On Saturday 26 April 2003 16:34, bdragon@gweep.net wrote:
> [CC list cleaned up]
>
> > I think the most basic thing that any xSP could do to prevent relays and
> > other basic address spoofing would be to disable source ip routing in
> > every router that's installed. I would prevent a lot of abuse.
> >
> > Curt
>
> Can you support with data either:
> 1) IP source routing is used for "lots of abuse"
> 2) disabling IP source routing would prevent "lots of abuse"
>
> LSRR is a tool utilized to verify network topology and investigate
> such things as pointing default, etc. Several SP's require LSRR
> at minimum on border routers for this reason.
