nanog mailing list archives
Re: ISP port blocking practice
From: Joe Provo <nanog-post () rsuc gweep net>
Date: Mon, 26 Oct 2009 06:03:59 -0400
[tangent of interst for the archives] On Sat, Oct 24, 2009 at 02:07:42PM -0500, Joe Greco wrote: [snip]
If I'm assigned 24.1.2.3 by Comcast, and Comcast filters my ingress to prevent me from emitting other addresses, you claim that's fine because it's BCP38. There's a problem: I can validly emit a variety of other addresses, in particular any address in 206.55.64.0/20 and some other networks. I am not "forging" packets if I emit 206.55.64.0/20-sourced addresses down a Comcast pipe.
Only in your service agreement allows this. Most folks realized both - the bad guys figured out this 'triangle routing' ages ago (was common to send bulk abuse traffic down broadband and receive the ack stream on dialup Back In The Day) and specificlly disallow it. - such hacks to attempt multihoming without BGP fail in spectacular ways nd can't be reled on for any real traffic. So while you may have an allocation and therefore not be 'forging' by strict definitions, you are injecting martian traffic as far as the resi broadband provider is concerned and it should be dropped. -- RSUC / GweepNet / Spunk / FnB / Usenix / SAGE
Current thread:
- Re: ISP port blocking practice, (continued)
- Re: ISP port blocking practice Patrick W. Gilmore (Oct 23)
- Re: ISP port blocking practice Owen DeLong (Oct 23)
- Re: ISP port blocking practice Joe Greco (Oct 24)
- Re: ISP port blocking practice Owen DeLong (Oct 24)
- Re: ISP port blocking practice Joe Greco (Oct 24)
- Re: ingress filtering and multiple Internet conenctions Joe Maimon (Oct 25)
- Re: ingress filtering and multiple Internet conenctions Joe Greco (Oct 25)
- Re: ingress filtering and multiple Internet conenctions Joe Maimon (Oct 25)
- Re: ingress filtering and multiple Internet conenctions Owen DeLong (Oct 25)
- Re: ingress filtering and multiple Internet conenctions Owen DeLong (Oct 25)
- Re: ISP port blocking practice Joe Provo (Oct 26)
- Re: ISP port blocking practice Joe Provo (Oct 25)
- Re: ISP port blocking practice Steve Bertrand (Oct 22)
- Re: ISP port blocking practice Jon Kibler (Oct 23)
- Re: ISP port blocking practice Steve Bertrand (Oct 23)
- RE: ISP port blocking practice Keith Medcalf (Oct 24)