North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: ICMP Attacks???????

  • From: Paul G. Donner
  • Date: Tue Aug 26 10:18:32 1997

At 03:26 PM 8/21/97 -0500, Jon Green wrote:
>On Thu, 21 Aug 1997 13:18:34 -0700, [email protected] writes:
>>There is another mitigation: everyone here should commit to filtering
>>customer packets at the customer premesis router (or at the dial in for
>>PPP/SLIP) such that it is not possible for a customer to send a packet into
>>the network that has an IP source address on it that is not assigned to
>>that customer. That is, no more lying about source addresses.
>Every time I show a customer of mine how to configure a router, I 
>try to educate them on this.  We need some kind of massive marketing
>effort to get this out to people though.  People would do it, but nobody
>knows about it.

Why not include it as part of "their" contractual obligations by placing
it in the text of the contract as well as by including an instructional
whitepaper.  You can't really enforce it but at least you get the coverage
you want.  Besides, if the customer is as clueless as most (and I say that
in a benign way) they may not know that you can't or wouldn't really enforce

>Maybe we should get CyberPromo to spam all the technical contacts
>in Internic's database to tell them how to do filtering. :)
>     -----------------------------------------------------------------
>    *      Jon Green            *         "Life's a dance             *
>   *   [email protected]       *          you learn as you go"        *
>  *  Finger for Geek Code/PGP   *                                       *
> *  #include "std_disclaimer.h" * *
> -------------------------------------------------------------------------