nanog mailing list archives
Re: DNS issues various
From: Valdis.Kletnieks () vt edu
Date: Thu, 24 Oct 2002 16:01:09 -0400
On Thu, 24 Oct 2002 18:59:46 -0000, "Kelly J. Cooper" <kcooper () genuity net> said:
You know, most bars have bouncers at the door that check IDs. Sure, they're not perfect, but the bartender can usually be pretty sure the guy ordering a beer is over 21. The average bar isn't run by a soooper-genius. But it's still considered fashionable to let packets roam your network without an ID check at the door.Yeah and how's that working so far?
Works a lot better than making an overworked bartender do it. And yes, that's an intentional dig at the "but you can't filter at the core" crowd, and the "but you can't backtrack spoofed traffic easily" crowd... How well does it work? Well enough that you can drive by a bar and just *know* that it's a dead night because there's no bouncer. And it's never a dead night on the Internet.
soooper-genius solutions aren't going to help any when there's a lot of address space that's managed by Homer Simpson....But there will always be address space managed by Homer Simpson.
Why? I'm asking a serious question here - why is it considered acceptable?
All I'm advocating is breaking out of that pattern.
I bet a few good lawsuits alleging civil liability for contributory negligence for allowing spoofed packets would do wonders for that problem. I posit that there won't be any "sooper genius" solution that will actually work as long as the prevailing model is small islands of clue awash in a sea of Homer Simpsons. -- Valdis Kletnieks Computer Systems Senior Engineer Virginia Tech
Attachment:
_bin
Description:
Current thread:
- DNS issues various Simon Waters (Oct 24)
- Re: DNS issues various Doug Barton (Oct 25)
- <Possible follow-ups>
- Re: DNS issues various Randy Bush (Oct 24)
- Re: DNS issues various Richard Forno (Oct 24)
- Re: DNS issues various Kelly J. Cooper (Oct 24)
- Re: DNS issues various Valdis . Kletnieks (Oct 24)
- Re: DNS issues various Kelly J. Cooper (Oct 24)
- Re: DNS issues various Valdis . Kletnieks (Oct 24)
- Re: DNS issues various Barry Shein (Oct 24)
- Re: DNS issues various Sean Donelan (Oct 24)
- Re: DNS issues various Barry Shein (Oct 24)
- Re: DNS issues various Peter Salus (Oct 24)
- Re: DNS issues various Ben Browning (Oct 24)
- How to secure the Internet in three easy steps Sean Donelan (Oct 25)
- Re: How to secure the Internet in three easy steps Paul Vixie (Oct 25)
- Re: How to secure the Internet in three easy steps Sean Donelan (Oct 25)
- Re: How to secure the Internet in three easy steps Paul Vixie (Oct 25)
- RE: How to secure the Internet in three easy steps Sameer R. Manek (Oct 25)
- Re: DNS issues various Richard Forno (Oct 24)