North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: NSPs and filters
Jon, >From provider side of things they have more packets to fly than that of FDT. The more one has to filter, the less cpu there is to route packets.. I suspect that this may be the only cause... regards, -dave On Fri, 11 Jul 1997, Jon Lewis wrote: > Why is it that the NSPs I've encountered refuse to do any sort of sanity > filtering on their customer connections? i.e. If UUNet knows that FDT has > only 205.229.48/20 and 208.215.0/20, why should they let me send traffic > through their network with random source addresses? > > FDT has been the target of forged source address UDP attacks for the past > 2 days. It's all being stopped at our router that takes our UUNet T1, but > the extra T1 traffic is causing UUNet's usually unreliable network to be > even less reliable, and we've lost connectivity to UUNet several times > this evening. > > 5 minute input rate 1326000 bits/sec, 318 packets/sec > 5 minute output rate 469000 bits/sec, 286 packets/sec > > PUNet suppost says there's nothing they can do, and that I should talk to > their security people about buying a firewall for FDT on monday...like a > firewall on our side of the T1 is going to do us a lot of good.... > > ------------------------------------------------------------------ > Jon Lewis <[email protected]> | Unsolicited commercial e-mail will > Network Administrator | be proof-read for $199/message. > Florida Digital Turnpike | > ________Finger [email protected] for PGP public key_______ > >
|