North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Implementing anti-abuse techniques on ISP networks....

  • From: J.D. Falk
  • Date: Wed Aug 06 19:26:47 1997

On Aug 6, Christopher Masto <[email protected]> wrote: 

> On Tue, Aug 05, 1997 at 12:30:25PM -0400, Greg A. Woods wrote:
> > The other issue mentioned by Dana is the fact that everyone (esp. the
> > "huge players"!) should have already implemented anti-spoofing IP
> > filters and should also be preventing dial-up customers from connecting
> > to anything but the providers authorised mail gateways on port 25.
> > (I still don't know why routers don't default to minimum anti-spoofing
> > and private net filtering rules!)
> I don't know about the "huge players", but we're an Internet Service
> Provider, not an Internet Blockage Provider.  We don't allow spoofing,
> and we don't allow relaying, but we're not about to put filters
> to prevent dialup customers from connecting wherever they want.

	How 'bout to stop them from connection wherever they want,
	spoofing their IP address so it looks like it's your box at
	home that's hacking into the NSA instead of them?

	This is an extreme example, but hopefully it illustrates the
	reason that a little simple filtering is a Good Thing[TM].

J.D. Falk                         voice: +1-415-482-2840 	
Supervisor, Network Operations      fax: +1-415-482-2844
See us at ISPCON '97, booth #501
"The People You Know.  The People You Trust."