North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Cisco says attacks are due to operational practices

  • From: John M. Brown
  • Date: Thu Feb 10 23:52:43 2000

One would assume that those upstreams know about the various blocks.

If one of our customers starts blowing packets towards us with SRC IP
not being something we know about, we drop it. Period.  If they tell
us we add it to the ACL.


On Thu, Feb 10, 2000 at 09:50:22PM -0500, Vijay Gill wrote:
> 
> On Thu, 10 Feb 2000, Paul Ferguson wrote:
> 
> > 
> > At 06:13 PM 02/10/2000 -0800, Chris Cappuccio wrote:
> > 
> > >Filtering incoming our outgoing ports for anybody's network but your own (not
> > >your customer's) is wrong.  You know specifically what apps you are running.
> > >How can you know what your customer is running or what they want to do ?
> > 
> > Excuse me, but can you please tell me what "application" a downstream
> > customer might be running which originates packets for traffic with
> > source addresses which they are not advertising (or you are advertising
> > for them)?
> 
> Trivial.  I've seen several companies with two or more upstreams that are
> statically routed by their upstreams with a their respective blocks but
> default out.
> 
> One might argue this is bad, but engineering is all about compromises and
> the real world and this happens in the real world. A lot.
> 
> /vijay
> 
> 
>