North American Network Operators Group

Re: DNS issues various

  • From: Valdis.Kletnieks
  • Date: Thu Oct 24 16:05:13 2002

On Thu, 24 Oct 2002 18:59:46 -0000, "Kelly J. Cooper" <[email protected]>  said:

> > You know, most bars have bouncers at the door that check IDs.  Sure, they're
> > not perfect, but the bartender can usually be pretty sure the guy ordering a
> > beer is over 21. The average bar isn't run by a soooper-genius.  But it's still
> > considered fashionable to let packets roam your network without an ID check at
> > the door.
> 
> Yeah and how's that working so far?

Works a lot better than making an overworked bartender do it.  And yes, that's
an intentional dig at the "but you can't filter at the core" crowd, and the
"but you can't backtrack spoofed traffic easily" crowd...

How well does it work?  Well enough that you can drive by a bar and just *know*
that it's a dead night because there's no bouncer.  And it's never a dead night
on the Internet.

> > soooper-genius solutions aren't going to help any when there's a lot of
> > address space that's managed by Homer Simpson....
> 
> But there will always be address space managed by Homer Simpson.

Why?  I'm asking a serious question here - why is it considered acceptable?

> All I'm advocating is breaking out of that pattern.

I bet a few good lawsuits alleging civil liability for contributory
negligence for allowing spoofed packets would do wonders for that problem.

I posit that there won't be any "sooper genius" solution that will actually
work as long as the prevailing model is small islands of clue awash in a
sea of Homer Simpsons.


-- 
				Valdis Kletnieks
				Computer Systems Senior Engineer
				Virginia Tech
