North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: ICMP rate limiting on EGRESS (Warning, operational content inside)

  • From: Sam Thomas
  • Date: Mon Jan 17 04:15:46 2000

On Sun, Jan 16, 2000 at 08:06:21PM -0800, Randy Bush wrote:
> 
> > Is this a good idea?
> 
> seems to me that there's sufficient chance that it is a REALLY good idea,
> that folk should seriously try it.

ideas that good should have been implemented a long time ago. OTOH, I am
of the opinion that the real problem is neither ICMP nor IP directed
broadcast. the real problem, as I see it, is spoofed-source packets. the
others are scapegoat accoplices which are more easily corrected, and
therefore more susceptible to brute-force corrective action. there has
been talk, and even a few implementations to correct the real problem, but
it has not gotten the attention or corrective action that it deserves.
perhaps this is because it is impractical to dial into every ISP's modem
banks and determine if they allow spoofed-source packets for the purpose
of creating the ever popular black-list of naughty network operatort.

upon further pondering, I came up with this variation on a time-honored
favorite:
the solution: cheap, easy, correct...pick 2.