On Thu, 10 Feb 2000, Randy Bush wrote:
I want something for clueful people to be able to type after "conf t". Asking people who probably aren't on this mailing list and almost certainly don't understand the problem to fix *their* network does not cut the mustard.
e.g. the problem with the ddos attacks is that the pain is far removed from the enabling causes, thus severely weakening prophylactic motivations. two trends may help. as the pain is more universally felt, the motivation may spread. and i suspect that the inclination to peer with non-motivated isps may change.
randy
At minumum, a hurt can be put on networks that are irresponsible/innane by effectively blackholeing them. neighbor db.bad-networks.blah.someone.com remote-as blah-blah neighbor db.bad-networks.blah.someone.com description DB of bad networks neighbor db.bad-networks.blah.someone.com route-map blackhole in neighbor db.bad-networks.blah.someone.com filter-list 2 out ! route-map blackhole permit 10 set ip next-hop 127.0.0.1 ! Suddenlt being blackholed from those of use who don't wish to deal with operators who won't/can't secure their network might actually get their attention. Much the same as denying the entire APNIC allocation in .htaccess substantially reduces CC fraud on e-commerce sites. I know. It's akin to killing a fly with a sledge-hammer but sometimes it's worth it. -------------------------------------------- |Signature line included for Jay R Ashworth| -------------------------------------------- John Fraizer EnterZone, Inc