On Thu, 20 Jan 2005, James Laszko wrote:
Whats so bad about decent secure defaults?
I don't consider a configuration that disenfranchises part of the internet as "decent [...] defaults." :)
The big problem that we're experiencing here is that the big telco ISP's, network providers and managed service providers that should have something better than a 'network monkey' running their routers are having BOGON filtering problems.
We diagnosed a problem getting to east cost government sites and in working with SAVVIS, we corrected problems in a matter of hours. This has been the only positive progress we've made in unblackholing out network segment. We're going on day number 4 trying to get SBC to fix 'managed' local government routers.
you do understand that for SBC (or anyone who manages customer devices) to make a change: 1) the customer has to be notified of the change and given a reason for the change 2) the customer has to agree to the change (presumably they also have to actually be contacted.... a task of it's own at times) 3) the change has to be scheduled into a maint window 4) the procedures and maintenance changes probably have to be checked over with the 'network monkey' (as you put it) and customer 5) change happens, for 1 customer... Wash, rinse, repeat for the other 70,000 routers you manage for customers... This is definitely NOT a half-rack in a colo fix. Just contacting the customers is a feat. -Chris