nanog mailing list archives
Re: DoS attacks, NSPs unresponsiveness
From: J Bacher <jb () jbacher com>
Date: Thu, 2 Nov 2000 09:58:25 -0600 (CST)
On Thu, 2 Nov 2000 Valdis.Kletnieks () vt edu wrote:
The problem is that for many ISPs, I fear the only way to get them to implement 2827-style filtering is for their upstreams to implement a policy of fascist-mode ingress filtering - "We see a bogon packet that your site should have filtered, we pull the plug on your link till you fix it".
Wonderful. The problem has been identified. But, other than foot-stomping, I haven't seen any solutions to correct it. The "we'll pull the plug" attitude won't work unless absence of said filtering violates that ISP's upstream AUP or contract. Some problems: ISPs should be doing ingress filtering and aren't. There [may] exist ISPs that [may] know that such filtering needs to be done and don't possess the information/wherewithall/incentive to determine a resolution for implementation. Some suggestions: 1) Develop a group of technical contacts, one each company, for each Tier 1 provider. 2) Create a document with configuration examples for various routers 3) Request that each technical contact of these Tier 1 providers coordinate with its respective internal customer service reps to handle dissemination of said document to its ISP customers. or 4) Disseminate the document through other appropriate mailing lists or newsgroups. It's completely pointless to identify a problem without also identifying possible solutions or working toward correcting the problem.
Current thread:
- Re: DoS attacks, NSPs unresponsiveness, (continued)
- Re: DoS attacks, NSPs unresponsiveness Ariel Biener (Nov 02)
- Re: DoS attacks, NSPs unresponsiveness Joe Shaw (Nov 02)
- Re: DoS attacks, NSPs unresponsiveness John Fraizer (Nov 03)
- Re: DoS attacks, NSPs unresponsiveness Joe Shaw (Nov 03)
- Re: DoS attacks, NSPs unresponsiveness Mark Mentovai (Nov 03)
- Re: DoS attacks, NSPs unresponsiveness John Fraizer (Nov 03)
- Re: DoS attacks, NSPs unresponsiveness Simon Lyall (Nov 03)
- RE: DoS attacks, NSPs unresponsiveness rick (Nov 02)
- Re: DoS attacks, NSPs unresponsiveness Valdis . Kletnieks (Nov 02)
- Re: DoS attacks, NSPs unresponsiveness J Bacher (Nov 02)
- Re: DoS attacks, NSPs unresponsiveness Valdis . Kletnieks (Nov 02)
- Re: DoS attacks, NSPs unresponsiveness J Bacher (Nov 02)