|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Clueless service restrictions (was RE: Anti-spam System Idea)
On Tue, 17 Feb 2004 21:48:18 +0000 Alex Bligh <[email protected]> wrote: > a) Some forms of filtering, which do occasionally prevent the customer > from using their target application, are in general good, as the > operational (see, on topic) impact of *not* applying tends to be > worse than the disruption of applying them. Examples: source IP > filtering on ingress, BGP route filtering. Both of these are known > to break harmless applications. I would suggest both are good things. There are some potential applications that these can break also. For example, a distributed application that sends out probes might wish to use the source IP address of a remote collector that is used to measure time delay or network path information. If Lumeta could have tunnels to a bunch of hosts, send traceroutes to various Internet places through those tunnels and have the tunneled hosts use Lumeta's IP as the source IP, they could build a pretty cool distributed peacock map. It is of course difficult to find a way to use these legitimate types of apps today without the infrastructure succumbing to attacks such as the source spoofed DoS traffic floods. John
|