On Fri, 2004-12-03 at 00:53 -0500, J. Oquendo wrote:
Considering the talk of banning going on, I was reluctant to post this; anyhow, I wondered how many (if any) have ever thought about the aspect of vendors deciding to implement some form of default bogon filtering on their products. With all of the talk about DoS botnets, and issues surrounding allocated address ranges (for whatever the purpose), I'm curious to know why a vendor like Juniper, or Cisco, or whomever doesn't implement a mechanism to automatically do the filtering. Wouldn't this minimize a vast amount of issues surrounding DoS attacks?
Let people first use RPF; when they are doing that we can see what the next step is. That next step is in the direction of what Team Cymru is doing... redist-filter could help there a lot.

There is one thing though which is somewhat a problem with these setups: one has to trust the source of the filters, they are technically controlling your network, who you talk to and who not. And this little technical issue can be a huge political issue. I personally would really like to see a 'valid prefixes' feed from the RIRs.

Then again, the amount of 'crap' coming from un-assigned/illegal prefixes is minimal compared to the vast DDoS nets around, and for the latter there are some solutions available if you contact the correct people...

Greets,
Jeroen

PS: Why would this be a 'bannable' subject? It is about _network operations_ isn't it? And otherwise I am quite sure that the ones in check of the rules will be so nice to point out differently; if one on the other hand already thinks it is a wrong subject, then why post at all.... but that is an IMO ;)
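The two mechanisms discussed in the thread, a static bogon filter and unicast RPF in strict and loose mode, are easy to confuse, so here is a small model of both as an added example (not code from either poster, nor any vendor's implementation). The bogon list, FIB, interface names and packet sources are all constructed; the RFC 5737 documentation ranges are used as sample customer prefixes and are therefore left out of the bogon list, even though a real feed would include them. The uRPF logic follows the common vendor default in which a source that matches only the default route fails the check.

```python
from ipaddress import ip_address, ip_network

# Constructed bogon list: RFC 1918, loopback, link-local, shared address
# space, multicast, class E and other special-purpose IPv4 blocks. This is the
# part that would normally come from an external feed (the thread's point:
# whoever maintains this list decides what your router drops). The RFC 5737
# documentation ranges are real bogons too, but are omitted here because they
# serve as the sample customer prefixes below.
BOGONS = [ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.0.0.0/24", "192.168.0.0/16",
    "198.18.0.0/15", "224.0.0.0/4", "240.0.0.0/4",
)]

# Constructed FIB for a small edge router: prefix -> egress interface.
# Interface names are hypothetical.
FIB = {
    ip_network("0.0.0.0/0"): "ge-0/0/0",           # default route towards upstream
    ip_network("192.0.2.0/24"): "ge-0/0/1",        # customer A
    ip_network("198.51.100.0/24"): "ge-0/0/2",     # customer B
    ip_network("198.51.100.128/25"): "ge-0/0/3",   # customer B's second site (more specific)
}


def is_bogon(src):
    """True if the source address falls inside any bogon prefix."""
    return any(src in net for net in BOGONS)


def fib_lookup(addr):
    """Longest-prefix match over the FIB; returns (prefix, interface) or None."""
    best = None
    for prefix, iface in FIB.items():
        if addr in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
            best = (prefix, iface)
    return best


def urpf_check(src, ingress, mode="strict"):
    """Unicast reverse path forwarding.

    loose:  the source must have *some* route in the FIB.
    strict: the route back to the source must point at the ingress interface,
            which is why strict mode breaks on asymmetric or multi-homed links.
    A match on the default route alone does not count (vendor default without
    an 'allow-default' style option).
    """
    hit = fib_lookup(src)
    if hit is None or hit[0].prefixlen == 0:
        return False
    if mode == "loose":
        return True
    return hit[1] == ingress


def filter_packet(src, ingress, mode="strict"):
    """Decide whether a packet with source `src` arriving on `ingress` is
    forwarded; returns (accepted, reason). Bogon check runs first because it
    is the cheaper, route-independent test."""
    src = ip_address(src)
    if is_bogon(src):
        return False, "bogon source"
    if not urpf_check(src, ingress, mode):
        return False, f"fails {mode} uRPF on {ingress}"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample packets: (source, ingress interface, uRPF mode)
    samples = [
        ("192.0.2.10", "ge-0/0/1", "strict"),        # legitimate customer A traffic
        ("192.0.2.10", "ge-0/0/2", "strict"),        # customer A address seen on customer B's port
        ("192.0.2.10", "ge-0/0/2", "loose"),         # same packet, loose mode lets it through
        ("10.1.2.3", "ge-0/0/1", "strict"),          # RFC 1918 source: dropped before uRPF
        ("198.51.100.200", "ge-0/0/2", "strict"),    # more-specific route points elsewhere
        ("203.0.113.5", "ge-0/0/0", "loose"),        # only the default route matches
    ]
    for src, iface, mode in samples:
        ok, why = filter_packet(src, iface, mode)
        print(f"{src:>16} on {iface} ({mode:6}): {'accept' if ok else 'drop'} - {why}")
```

The order of the two checks matters operationally: the bogon filter needs no routing state and drops the same packets on every box, while uRPF depends on the local FIB, so a change in routing (a new more-specific, a withdrawn customer prefix) silently changes what strict mode accepts. That is the "who you talk to and who not" control the reply warns about, just exercised by the routing table instead of by the filter feed.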