|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: NSPs and filters
FYI, this type of ingress filtering has been documented in draft-ferguson-ingress-filtering-02.txt. - paul At 09:44 PM 07/11/97 -0400, Jon Lewis wrote: >Why is it that the NSPs I've encountered refuse to do any sort of sanity >filtering on their customer connections? i.e. If UUNet knows that FDT has >only 205.229.48/20 and 208.215.0/20, why should they let me send traffic >through their network with random source addresses? > >FDT has been the target of forged source address UDP attacks for the past >2 days. It's all being stopped at our router that takes our UUNet T1, but >the extra T1 traffic is causing UUNet's usually unreliable network to be >even less reliable, and we've lost connectivity to UUNet several times >this evening. > > 5 minute input rate 1326000 bits/sec, 318 packets/sec > 5 minute output rate 469000 bits/sec, 286 packets/sec > >PUNet suppost says there's nothing they can do, and that I should talk to >their security people about buying a firewall for FDT on monday...like a >firewall on our side of the T1 is going to do us a lot of good.... > >------------------------------------------------------------------ > Jon Lewis <[email protected]> | Unsolicited commercial e-mail will > Network Administrator | be proof-read for $199/message. > Florida Digital Turnpike | >________Finger [email protected] for PGP public key_______ >
|