Home page logo

nanog logo nanog mailing list archives

Re: NSPs and filters
From: Phil Howard <phil () charon milepost com>
Date: Sat, 12 Jul 1997 10:09:15 -0500 (CDT)

Jon Lewis writes...

Why is it that the NSPs I've encountered refuse to do any sort of sanity
filtering on their customer connections?  i.e. If UUNet knows that FDT has
only 205.229.48/20 and 208.215.0/20, why should they let me send traffic
through their network with random source addresses?

I'm assuming that they don't want to overload their router with all that
extra filtering, especially on the interface inbounds.

OTOH, I've always believed that all routers should be required to apply
routing decisions first to the source address and determine if the interface
it arrived on is at least a valid return path (not necessarily best) and if
not, drop the packet.  Then do the destination work.

Again, too much work for the routers to do.

But then, I wonder how much work they are doing routing source forged
packets and other denial of service traffic.

Phil Howard KA9WGN   +-------------------------------------------------------+
Linux Consultant     |  Linux installation, configuration, administration,   |
Milepost Services    |  monitoring, maintenance, and diagnostic services.    |
phil at milepost.com +-------------------------------------------------------+

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]