On Thu, 24 Oct 2002 18:59:46 -0000, "Kelly J. Cooper" <kcooper@genuity.net> said:
You know, most bars have bouncers at the door that check IDs. Sure, they're not perfect, but the bartender can usually be pretty sure the guy ordering a beer is over 21. The average bar isn't run by a soooper-genius. But it's still considered fashionable to let packets roam your network without an ID check at the door.
Yeah, and how's that working so far?
Works a lot better than making an overworked bartender do it. And yes, that's an intentional dig at the "but you can't filter at the core" crowd, and the "but you can't backtrack spoofed traffic easily" crowd... How well does it work? Well enough that you can drive by a bar and just *know* that it's a dead night because there's no bouncer. And it's never a dead night on the Internet.
soooper-genius solutions aren't going to help any when there's a lot of address space that's managed by Homer Simpson....
But there will always be address space managed by Homer Simpson.
Why? I'm asking a serious question here - why is it considered acceptable?
All I'm advocating is breaking out of that pattern.
I bet a few good lawsuits alleging civil liability for contributory negligence for allowing spoofed packets would do wonders for that problem. I posit that there won't be any "sooper genius" solution that will actually work as long as the prevailing model is small islands of clue awash in a sea of Homer Simpsons.

-- 
Valdis Kletnieks
Computer Systems Senior Engineer
Virginia Tech
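The "ID check at the door" the thread argues about is source-address validation on customer-facing ports (the ingress filtering RFC 2827 / BCP 38 recommends). The following is an added example, not code from the thread or from either poster: a small model of that check, where each customer port is bound to the prefixes assigned to it and any packet whose source lies outside them is dropped before it can "roam" the network. The interface names, prefixes and sample packets are constructed for illustration.

```python
"""Edge ingress filter: the 'bouncer at the door' for source addresses.

Added example, not from the original thread. Each customer-facing port
forwards only packets whose source address falls inside the prefixes
assigned to that port; everything else is dropped at the edge, so the
core never has to backtrack it. Interface names, prefixes and packets
below are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass

# Hypothetical customer assignments: port -> prefixes that customer may
# legitimately source traffic from (documentation prefixes, not real ones).
ASSIGNMENTS = {
    "ge-0/0/1": ["192.0.2.0/24"],
    "ge-0/0/2": ["198.51.100.0/25", "2001:db8:1::/48"],
}


@dataclass(frozen=True)
class Packet:
    iface: str  # port the packet arrived on
    src: str    # source address as seen on the wire
    dst: str    # destination address (not used by the check itself)


def build_tables(assignments):
    """Parse the per-port prefix lists once, at 'config load' time."""
    return {iface: [ipaddress.ip_network(p) for p in prefixes]
            for iface, prefixes in assignments.items()}


def check_source(tables, iface, src):
    """Decide whether a packet with source `src` may enter via `iface`.

    Returns (verdict, reason) where verdict is "accept" or "drop".
    """
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return ("drop", "unparseable source")
    # Addresses that are never valid unicast sources, whatever the port.
    if addr.is_unspecified or addr.is_loopback or addr.is_multicast:
        return ("drop", "bogon source")
    prefixes = tables.get(iface)
    if prefixes is None:
        # Unconfigured port: fail closed rather than forward blindly.
        return ("drop", "unknown interface")
    for net in prefixes:
        if addr.version == net.version and addr in net:
            return ("accept", f"source within {net}")
    return ("drop", "source not assigned to this interface")


def filter_packets(tables, packets):
    """Run every packet through the check; return (accepted, dropped)."""
    accepted, dropped = [], []
    for pkt in packets:
        verdict, reason = check_source(tables, pkt.iface, pkt.src)
        (accepted if verdict == "accept" else dropped).append((pkt, reason))
    return accepted, dropped


# Constructed traffic sample: two legitimate packets, one spoofed with
# another customer's prefix, one spoofed with private space, one with an
# unspecified source, and one arriving on a port with no assignment.
SAMPLE_PACKETS = [
    Packet("ge-0/0/1", "192.0.2.10", "203.0.113.5"),
    Packet("ge-0/0/1", "198.51.100.7", "203.0.113.5"),
    Packet("ge-0/0/2", "2001:db8:1::42", "2001:db8:ffff::1"),
    Packet("ge-0/0/2", "10.0.0.1", "203.0.113.5"),
    Packet("ge-0/0/1", "0.0.0.0", "203.0.113.5"),
    Packet("ge-0/0/9", "192.0.2.10", "203.0.113.5"),
]


if __name__ == "__main__":
    tables = build_tables(ASSIGNMENTS)
    accepted, dropped = filter_packets(tables, SAMPLE_PACKETS)
    for pkt, reason in accepted:
        print(f"ACCEPT {pkt.iface} {pkt.src:>16} -> {pkt.dst}: {reason}")
    for pkt, reason in dropped:
        print(f"DROP   {pkt.iface} {pkt.src:>16} -> {pkt.dst}: {reason}")
```

The check is deliberately per port rather than global: a source that is perfectly valid on one customer's port is spoofed on another's, which is exactly the case a core filter cannot distinguish and an edge filter can. The unconfigured-port branch fails closed, since a port with no assignment is the Homer Simpson case the thread worries about.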