nanog mailing list archives

Re: Cisco says attacks are due to operational practices


From: "John M. Brown" <jmbrown () ihighway net>
Date: Thu, 10 Feb 2000 22:07:20 -0700


One would assume that those upstreams know about the various blocks.

If one of our customers starts blowing packets towards us with SRC IP
not being something we know about, we drop it. Period.  If they tell
us we add it to the ACL.


On Thu, Feb 10, 2000 at 09:50:22PM -0500, Vijay Gill wrote:

On Thu, 10 Feb 2000, Paul Ferguson wrote:


At 06:13 PM 02/10/2000 -0800, Chris Cappuccio wrote:

Filtering incoming or outgoing ports for anybody's network but your own (not
your customer's) is wrong.  You know specifically what apps you are running.
How can you know what your customer is running or what they want to do?

Excuse me, but can you please tell me what "application" a downstream
customer might be running which originates packets for traffic with
source addresses which they are not advertising (or you are advertising
for them)?

Trivial.  I've seen several companies with two or more upstreams that are
statically routed by their upstreams with their respective blocks but
default out.

One might argue this is bad, but engineering is all about compromises and
the real world and this happens in the real world. A lot.

/vijay
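
As an added illustration (not part of the original messages), the per-customer source-address ACL described in this thread, and the multihomed customer case raised against it, can be modelled as below. The class, customer name and packet list are constructed for the example; the addresses are IPv4 documentation ranges.

```python
import ipaddress

class CustomerIngressFilter:
    """Per-customer source ACL: forward only packets sourced from known blocks."""

    def __init__(self, customer, blocks):
        self.customer = customer
        self.blocks = [ipaddress.ip_network(b) for b in blocks]
        self.dropped = {}  # covering /24 of each unknown source -> drop count

    def add_block(self, block):
        """The customer has told us about another block it legitimately uses."""
        self.blocks.append(ipaddress.ip_network(block))

    def check(self, src):
        """Return True to forward, False to drop (drops are tallied per /24)."""
        addr = ipaddress.ip_address(src)
        if any(addr in net for net in self.blocks):
            return True
        key = str(ipaddress.ip_network(f"{addr}/24", strict=False))
        self.dropped[key] = self.dropped.get(key, 0) + 1
        return False

# Constructed sample sources seen on the customer-facing interface:
#   192.0.2.0/24    block we route to the customer
#   198.51.100.0/24 block routed to the same customer by its other upstream
#   203.0.113.7     source nobody has told us about
PACKETS = ["192.0.2.10", "198.51.100.20", "198.51.100.21", "203.0.113.7"]

def demo():
    acl = CustomerIngressFilter("cust-a", ["192.0.2.0/24"])
    # Customer defaults out through us, so the other upstream's block shows up
    # as an unknown source and is dropped until we are told about it.
    before = [acl.check(s) for s in PACKETS]
    acl.add_block("198.51.100.0/24")
    after = [acl.check(s) for s in PACKETS]
    return before, after, acl.dropped

if __name__ == "__main__":
    before, after, dropped = demo()
    print("before ACL update:", dict(zip(PACKETS, before)))
    print("after ACL update: ", dict(zip(PACKETS, after)))
    print("dropped by /24:   ", dropped)
```

The per-/24 drop tally is what an operator would look at to tell a multihomed customer's second block apart from scattered unknown sources.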





