nanog mailing list archives
Re: BCP38 making it work, solving problems
From: Fred Baker <fred () cisco com>
Date: Tue, 19 Oct 2004 08:19:32 -0400
At 01:11 PM 10/19/04 +0200, JP Velders wrote:
As it was "in the old days": first clean up your own act and then start pointing at others that they're doing "it" wrong.
hear hear... But Paul knows and in fact does that. He is pointing out the difficulty of getting people to do basic things that are for their own benefit.
For example, how many ISPs use TCP MD5 to limit the possibility of a BGP/TCP connection getting hijacked or disrupted by a ddos attack? But this has been in the code since ~1990, and was put there because of a fairly serious and specific attack that was made on Internet routing, and benefits primarily the ISP that enables the procedure in that it knows that its routes are coming to it from systems it has chosen to trust.
Ingress filters help the ISP that installs them, in that a certain class of attacks are prevented among customers of the ISP. Would it be better if all ISPs and all edge networks put appropriate filters in place? Absolutely. But even if they do not, the ISP saves itself that much trouble.
Where ingress filters don't help, of course, is when the attacks come from an apparently-legitimate address. Then we are off to other tools.
Current thread:
- Re: BCP38 making it work, solving problems, (continued)
- Re: BCP38 making it work, solving problems Christopher L. Morrow (Oct 11)
- Re: BCP38 making it work, solving problems Niels Bakker (Oct 12)
- Re: BCP38 making it work, solving problems Christopher L. Morrow (Oct 12)
- Re: BCP38 making it work, solving problems Paul Vixie (Oct 12)
- Re: BCP38 making it work, solving problems alex (Oct 12)
- Re: BCP38 making it work, solving problems Steven Champeon (Oct 12)
- Re: BCP38 making it work, solving problems alex (Oct 12)
- Re: BCP38 making it work, solving problems Suresh Ramasubramanian (Oct 12)
- Re: BCP38 making it work, solving problems Steven Champeon (Oct 13)
- Re: BCP38 making it work, solving problems JP Velders (Oct 19)
- Re: BCP38 making it work, solving problems Fred Baker (Oct 19)
- Re: BCP38 making it work, solving problems Randy Bush (Oct 19)
- Re: BCP38 making it work, solving problems JP Velders (Oct 19)
- Re: BCP38 making it work, solving problems David G. Andersen (Oct 19)
- Re: BCP38 making it work, solving problems JP Velders (Oct 19)
- Re: BCP38 making it work, solving problems Patrick W Gilmore (Oct 19)
- Re: BCP38 making it work, solving problems Jon Lewis (Oct 20)
- Re: BCP38 making it work, solving problems Joe Abley (Oct 21)
- Re: BCP38 making it work, solving problems Paul Vixie (Oct 19)
- Re: BCP38 making it work, solving problems JP Velders (Oct 19)
- Re: BCP38 making it work, solving problems Jared Mauch (Oct 19)