[95190] in North American Network Operators' Group
Re: Where are static bogon filters appropriate? was: 96.2.0.0/16
daemon@ATHENA.MIT.EDU (Mikael Abrahamsson)
Tue Mar 6 15:54:58 2007
Date: Tue, 6 Mar 2007 21:54:06 +0100 (CET)
From: Mikael Abrahamsson <swmike@swm.pp.se>
To: Sean Donelan <sean@donelan.com>
Cc: NANOG <nanog@merit.edu>
In-Reply-To: <Pine.GSO.4.64.0703061449410.22141@clifden.donelan.com>
Errors-To: owner-nanog@merit.edu
On Tue, 6 Mar 2007, Sean Donelan wrote:
> Isn't this true of everything (bad source addresses, worms, abuse, etc).
> Does hiding/ignoring the problem just makes it worse because there is no
> incentive to fix the problem while it is still a small problem? If it
> isn't important enough to bother the customer, why bother to fix it?
Let's take a concrete example:
Customer gets hacked, one of their boxen starts spewing traffic with
spoofed addresses. The way I understand your solution is to automatically
shut their port and disrupt all their traffic, and have them call customer
support to get any further.
Do you really think this is a good solution?
I don't see any customer with a choice continuing having a relationship
with me if I treat them like that. It will cost me and them too much.
So instead I just drop their spoofed traffic and if they call and say that
their line is slow, I'll just say it's full and they can themselves track
down the offending machine and shut it off to solve the problem.
--
Mikael Abrahamsson email: swmike@swm.pp.se
