nanog mailing list archives

Re: DoS attacks, NSPs unresponsiveness


From: "Mark Mentovai" <mark-list () mentovai com>
Date: Thu, 2 Nov 2000 09:59:04 -0500 (EST)


John Fraizer wrote:
   Is there a chance that by helping one another, and by implementing
Internet RFCs correctly (rfc 1918 for example), we can contribute to the
elimination of this kind of electronic terrorism ?

RFC1918 specifically addresses filtering routing information.  Not spoofed
addresses.  It states "routing information about private networks shall
not be propagated on inter-enterprise links, and packets with private
source or destination addresses should not be forwarded across such
links."  Notice the placement of "shall" and "should."

Although 1918 was given only as an example, substituting the number 1918 for
2827 is a common mistake.  RFC 2827 addresses spoofing and is a BCP.  You
can't argue that widespread implementation of RFC 2827's concepts wouldn't
benefit the Internet.

Now, in specific response to your question about eliminating electronic
terrorism, it is doubtful.  Doubtful that you'll ever: #1 spread enough
clue around. #2 get everyone to cooperate.

This can't go on forever.  I'd like to spread the clue about ingress
filtering, and am willing to commit time to the cause.  Is anyone with me?

Mark
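
The distinction drawn above between RFC 1918 and RFC 2827, as an added example that is not part of the original message: a filter that drops only private sources misses spoofed public addresses, while an ingress filter keyed to the customer's assigned prefix drops both. The customer prefix and source addresses are constructed from documentation ranges, and the function names are hypothetical.

```python
import ipaddress

# Private address space defined by RFC 1918.
RFC1918_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: prefix assigned to the customer on this edge port.
CUSTOMER_PREFIXES = ["192.0.2.0/24"]

# Constructed sample: source addresses of packets arriving from the customer.
SAMPLE_SOURCES = [
    "192.0.2.10",     # legitimate, inside the assigned prefix
    "10.1.2.3",       # spoofed, private source
    "198.51.100.7",   # spoofed, public source outside the prefix
    "203.0.113.9",    # spoofed, public source outside the prefix
]

def is_rfc1918(src):
    """True if the source address falls in RFC 1918 private space."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in RFC1918_NETS)

def ingress_permit(src, customer_prefixes):
    """RFC 2827 style check: permit only sources inside the prefixes
    assigned to the customer attached to this interface."""
    addr = ipaddress.ip_address(src)
    return any(addr in ipaddress.ip_network(p) for p in customer_prefixes)

def dropped_by_rfc1918_only(sources):
    """Sources a 'block private addresses' filter would drop."""
    return [s for s in sources if is_rfc1918(s)]

def dropped_by_ingress_filter(sources, customer_prefixes):
    """Sources an RFC 2827 ingress filter would drop."""
    return [s for s in sources if not ingress_permit(s, customer_prefixes)]

if __name__ == "__main__":
    print("RFC 1918 filter drops:",
          dropped_by_rfc1918_only(SAMPLE_SOURCES))
    print("RFC 2827 ingress filter drops:",
          dropped_by_ingress_filter(SAMPLE_SOURCES, CUSTOMER_PREFIXES))
```
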



