Home page logo

nanog logo nanog mailing list archives

Re: do not filter your customers
From: Steven Bellovin <smb () cs columbia edu>
Date: Fri, 24 Feb 2012 13:10:23 -0500

On Feb 24, 2012, at 7:46 40AM, Danny McPherson wrote:

On Feb 23, 2012, at 10:42 PM, Randy Bush wrote:

the problem is that you have yet to rigorously define it and how to
unambiguously and rigorously detect it.  lack of that will prevent
anyone from helping you prevent it.

You referred to this incident as a "leak" in your message:

"a customer leaked a full table"

I was simply agreeing with you -- i.e., looked like a "leak", smelled 
like a "leak" - let's call it a leak.

I'm optimistic that all the good folks focusing on this in their day
jobs, and expressly funded and resourced to do so, will eventually
recognize what I'm calling "leaks" is part of the routing security 

Sure; I don't disagree, and I don't think that Randy does.  But just
because we can't solve the whole problem, does that mean we shouldn't
solve any of it?

As Randy said, we can't even try for a strong technical solution
until we have a definition that's better than "I know it when I see it".

                --Steve Bellovin, https://www.cs.columbia.edu/~smb

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]