nanog mailing list archives
Re: NSPs and filters
From: ice9 <ice9 () paranoia com>
Date: Sat, 12 Jul 1997 06:05:36 -0500 (CDT)
On Fri, 11 Jul 1997, Jon Lewis wrote:
Why is it that the NSPs I've encountered refuse to do any sort of sanity filtering on their customer connections? i.e. If UUNet knows that FDT has only 205.229.48/20 and 208.215.0/20, why should they let me send traffic through their network with random source addresses? FDT has been the target of forged source address UDP attacks for the past 2 days. It's all being stopped at our router that takes our UUNet T1, but the extra T1 traffic is causing UUNet's usually unreliable network to be even less reliable, and we've lost connectivity to UUNet several times this evening.
It's not feasible to filter packets on customer gateway routers. When you impose a packet filter on a GW router customer interface, all packets destined to that customer have to be matched to an access-list and then forwarded down the pipe or dropped. This increases the load on the router CPU, because it is used to switching the packets. Now you have to analyze each packet which takes up CPU time. This is not a nice thing to do to a router, especially while the router is trying to keep up with 50 other customers... And if more than 1 customer wants this type of service, you start really feeling the load.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
ice9 () paranoia com http://www.paranoia.com/~ice9
My opinion may not reflect that of any living person, but it's the only one that counts!!
main() {for(;;fork());}
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
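The source-address sanity check asked about in the quoted question, as an added example that is not part of the original thread: it permits only packets whose source falls inside the two customer prefixes quoted above. The function names and the sample packets are constructed for illustration, and the prefixes are expanded from the shorthand used in the message.

```python
import ipaddress


def parse_short_prefix(text):
    """Expand router-style shorthand such as '205.229.48/20' into a network."""
    addr, _, length = text.partition("/")
    octets = addr.split(".")
    octets += ["0"] * (4 - len(octets))  # pad the omitted trailing octets
    # strict=True rejects a prefix that has host bits set
    return ipaddress.ip_network(f"{'.'.join(octets)}/{length}", strict=True)


# The two customer prefixes quoted in the message.
CUSTOMER_PREFIXES = [
    parse_short_prefix(p) for p in ("205.229.48/20", "208.215.0/20")
]


def permit_ingress(src, prefixes=CUSTOMER_PREFIXES):
    """True if a packet arriving from the customer has a legitimate source."""
    try:
        ip = ipaddress.ip_address(src)
    except ValueError:
        return False  # unparsable source: drop
    return any(ip in net for net in prefixes)


def filter_packets(packets):
    """Split packets into (forwarded, dropped) by source address."""
    forwarded, dropped = [], []
    for pkt in packets:
        (forwarded if permit_ingress(pkt["src"]) else dropped).append(pkt)
    return forwarded, dropped


# Constructed sample traffic on the customer-facing interface.
SAMPLE = [
    {"src": "205.229.48.10", "dst": "192.0.2.1"},   # inside first /20
    {"src": "205.229.63.255", "dst": "192.0.2.1"},  # last address of first /20
    {"src": "205.229.64.1", "dst": "192.0.2.1"},    # one past the first /20
    {"src": "208.215.15.7", "dst": "192.0.2.1"},    # inside second /20
    {"src": "208.215.16.1", "dst": "192.0.2.1"},    # one past the second /20
    {"src": "10.1.2.3", "dst": "192.0.2.1"},        # forged private source
    {"src": "not-an-ip", "dst": "192.0.2.1"},       # malformed
]

if __name__ == "__main__":
    ok, bad = filter_packets(SAMPLE)
    print("forwarded:", [p["src"] for p in ok])
    print("dropped:  ", [p["src"] for p in bad])
```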