North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: DoS attacks, NSPs unresponsiveness

  • From: Mark Mentovai
  • Date: Thu Nov 02 10:05:08 2000

John Fraizer wrote:
>>    Is there a chance that by helping one another, and by implementing
>> Internet RFCs corrctly (rfc 1918 for example), we can contribute to the
>> elimination of this kind of electronic terrorism ?
>RFC1918 specifically addresses filtering routing information.  Not spoofed
>addresses.  It states "routing information about private networks shall
>not be propagated on inter-enterprise links, and packets with private
>source or destination addresses should not be forwarded across such
>links."  Notice the placement of "shall" and "should."

Although 1918 was given only as an example, substituting the number 1918 for
2827 is a common mistake.  RFC 2827 addresses spoofing and is a BCP.  You
can't argue that widespread implementation of RFC 2827's concepts wouldn't
benefit the Internet.

>Now, in specific response to your question about eliminating electronic
>terrorism, it is doubtful.  Doubtful that you'll ever: #1 spread enough
>clue around. #2 get everyone to cooperate.

This can't go on forever.  I'd like to spread the clue about ingress
filtering, and am willing to commit time to the cause.  Is anyone with me?