[prev in list] [next in list] [prev in thread] [next in thread] 

List:       nanog
Subject:    NSPs and filters
From:       Jon Lewis <jlewis () inorganic5 ! fdt ! net>
Date:       1997-07-12 1:44:49
[Download RAW message or body]

Why is it that the NSPs I've encountered refuse to do any sort of sanity
filtering on their customer connections?  i.e. If UUNet knows that FDT has
only 205.229.48/20 and 208.215.0/20, why should they let me send traffic
through their network with random source addresses?

FDT has been the target of forged source address UDP attacks for the past
2 days.  It's all being stopped at our router that takes our UUNet T1, but
the extra T1 traffic is causing UUNet's usually unreliable network to be
even less reliable, and we've lost connectivity to UUNet several times
this evening.

  5 minute input rate 1326000 bits/sec, 318 packets/sec
  5 minute output rate 469000 bits/sec, 286 packets/sec

PUNet suppost says there's nothing they can do, and that I should talk to
their security people about buying a firewall for FDT on monday...like a
firewall on our side of the T1 is going to do us a lot of good....

------------------------------------------------------------------
 Jon Lewis <jlewis@fdt.net>  |  Unsolicited commercial e-mail will
 Network Administrator       |  be proof-read for $199/message.
 Florida Digital Turnpike    |  
________Finger jlewis@inorganic5.fdt.net for PGP public key_______

[prev in list] [next in list] [prev in thread] [next in thread]