[prev in list] [next in list] [prev in thread] [next in thread]
List: nanog
Subject: Re: NSPs and filters
From: Paul Ferguson <pferguso () cisco ! com>
Date: 1997-07-12 12:34:35
[Download RAW message or body]
FYI, this type of ingress filtering has been documented in
draft-ferguson-ingress-filtering-02.txt.
- paul
At 09:44 PM 07/11/97 -0400, Jon Lewis wrote:
>Why is it that the NSPs I've encountered refuse to do any sort of sanity
>filtering on their customer connections? i.e. If UUNet knows that FDT has
>only 205.229.48/20 and 208.215.0/20, why should they let me send traffic
>through their network with random source addresses?
>
>FDT has been the target of forged source address UDP attacks for the past
>2 days. It's all being stopped at our router that takes our UUNet T1, but
>the extra T1 traffic is causing UUNet's usually unreliable network to be
>even less reliable, and we've lost connectivity to UUNet several times
>this evening.
>
> 5 minute input rate 1326000 bits/sec, 318 packets/sec
> 5 minute output rate 469000 bits/sec, 286 packets/sec
>
>PUNet suppost says there's nothing they can do, and that I should talk to
>their security people about buying a firewall for FDT on monday...like a
>firewall on our side of the T1 is going to do us a lot of good....
>
>------------------------------------------------------------------
> Jon Lewis <jlewis@fdt.net> | Unsolicited commercial e-mail will
> Network Administrator | be proof-read for $199/message.
> Florida Digital Turnpike |
>________Finger jlewis@inorganic5.fdt.net for PGP public key_______
>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic