[61559] in North American Network Operators' Group
Re: What do you want your ISP to block today?
daemon@ATHENA.MIT.EDU (Rob Thomas)
Fri Aug 29 23:07:28 2003
Date: Fri, 29 Aug 2003 22:06:39 -0500 (CDT)
From: Rob Thomas <robt@cymru.com>
To: Sean Donelan <sean@donelan.com>
Cc: NANOG <nanog@merit.edu>
In-Reply-To: <Pine.GSO.4.44.0308292049470.8774-100000@clifden.donelan.com>
Errors-To: owner-nanog-outgoing@merit.edu
Hi, NANOGers.
] > He added that ISPs have the view and ability to prevent en-masse
] > attacks. "All these attacks traverse their networks before they reach
] > you and me. If they would simply stop attack traffic that has been
] > identified and accepted as such, we'd all sleep better," Cooper said.
Oh, good gravy! I have a news flash for all of you "security experts"
out there: The Internet is not one, big, coordinated firewall with a
handy GUI, waiting for you to provide the filtering rules. How many
of you "experts" regularly sniff OC-48 and OC-192 backbones for all
those naughty packets? Do you really want ISPs to filter the mother
of all ports-of-pain, TCP 80?
Filter at the *EDGE* folks. You own your own networks; use and manage
them responsibly. If you need assistance, ASK. If you can't take on
the task, purchase bandwidth from providers who sell (yes, CHARGE YOU
MONEY) a filtering service.
Thanks,
Rob.
--
Rob Thomas
http://www.cymru.com
ASSERT(coffee != empty);
