[62594] in North American Network Operators' Group
RE: Providers removing blocks on port 135?
daemon@ATHENA.MIT.EDU (Owen DeLong)
Fri Sep 19 13:28:41 2003
Date: Fri, 19 Sep 2003 10:23:28 -0700
From: Owen DeLong <owen@delong.com>
To: Matthew Kaufman <matthew@eeph.com>,
"'Jack Bates'" <jbates@brightok.net>,
"'Adam Hall'" <Adam.Hall@networktelephone.net>
Cc: nanog@nanog.org
In-Reply-To: <003d01c37ed1$851f6e00$0200b3cd@matthewdesk>
Errors-To: owner-nanog-outgoing@merit.edu
OK... Obviously, you need to do what you need to do to keep things
running. However, that should be a temporary crisis response. If your
equipment is getting DOS'd for more than a few months, we need to find
a way to fix a bigger problem. Permanently breaking some service
(regardless
of what we think of it. Personally, I'll be glad to see M$ go down in
flames)
is _NOT_ the correct answer.
Owen
--On Friday, September 19, 2003 10:14 AM -0700 Matthew Kaufman
<matthew@eeph.com> wrote:
> I agree entirely with this. You shouldn't call yourself an ISP unless you
> can transport the whole Internet, including those "bad Microsoft ports",
> between the world and your customers.
>
> On the other hand, what's a provider to do when their access hardware
> can't deal with a pathological set of flows or arp entries? There isn't a
> good business case to forklift out your DSLAMs and every customer's
> matching CPE when a couple of ACLs will fix the problem. For that matter,
> there isn't a very good business case for transporting Nachi's ICMP
> floods across an international backbone network when you can do a bit of
> rate-limiting and cut your pipe requirements by 10-20%.
>
> Matthew Kaufman
> matthew@eeph.com
>
>> -----Original Message-----
>> From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On
>> Behalf Of Owen DeLong
>> Sent: Friday, September 19, 2003 10:03 AM
>> To: Jack Bates; Adam Hall
>> Cc: 'nanog@nanog.org'
>> Subject: Re: Providers removing blocks on port 135?
>>
>>
>>
>> FWIW, my opinion is that blocking this at the customer edge
>> per customer request is fine. Any other blocking by an ISP
>> is damage and should be routed around like any other internet damage.
>>
>> Owen
>>
>
