nanog mailing list archives

Re: Cisco says attacks are due to operational practices


From: Jared Mauch <jared () puck Nether net>
Date: Thu, 10 Feb 2000 21:22:40 -0500


On Thu, Feb 10, 2000 at 06:13:56PM -0800, Chris Cappuccio wrote:

Filtering incoming or outgoing ports for anybody's network but your own (not
your customer's) is wrong.  You know specifically what apps you are running.
How can you know what your customer is running or what they want to do?

        Filtering my customers to prevent them from sending me
packets with source IP addresses other than those they have
told me about, or I have assigned to them, is not wrong.

If the customer is aware this is happening or even requests this type of
firewall service, that's great.  But to filter ports on backbone routers is
stupid.

        Let's explain it this way:

        If I were operating a telephone network, I would only allow
calls from numbers that I assigned, or my customers ask to be routed
to them.

        Or even this:
        
        If I operate a cellular network, I can choose what the source
number is on their telephone, and if I want to allow it.

        - Jared



