nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: NSPs filter?

From: Chris Woodfield <rekoil () semihuman com>
Date: Mon, 5 Aug 2002 14:30:12 -0400
I'll clarify this...I already noted that antispoof filtering is an exception, 
and I'll agree that RPF fits loosely under the antispoofing definition as well, 
albiet in the other direction.

-C

On Sun, Aug 04, 2002 at 11:19:35PM -0400, Chris Woodfield wrote:

IMO, Commercial ISPs should never filter customer packets unless 
specifically requested to do so by the customer, or in response to a 
security/abuse incident. 

Consumer ISPs are much more likely to have clauses in the AUPs that are 
enforced premptively via packet filtering - antispoof filters (honestly, 
antispoof filtering is, IMHO, the one expection to my "commercial ISPs 
should not filter" rule), port blocks to prevent customers running 
servers, outbound SMTP blocks to off-provider systems to stop direct-to-MX 
spamming, ICMP rate limiting, et al. All of which are fine by me as long 
as they clearly assert their right to do so in their AUP - that is, as 
long as there's a comparable provider I can use instead.

-C

On Sun, Aug 04, 2002 at 02:37:12PM +0000, bmanning () karoshi com wrote:



Good day,

What NSPs do filter packets, and can really deal with DoS and DDoS attacks?

-Abdullah Bin Hamad A.K.A Arabian


    The shorter shorter list would be the NSPs that do NOT filter
    packets.  I can't think of an NSP that does not filter.

--bill

Attachment: _bin
Description:

Previous By Date Next
Previous By Thread Next

Current thread: