At Tuesday 11:01 PM 2/8/00, Daniel Senie wrote:
Please refer to RFC2644/BCP34 on the subject of directed broadcasts. This RFC recommends router vendors disable directed broadcasts by default. It also recommends ISPs disable directed broadcast on ALL routers. In light of the recent events, it would be good to see a concerted effort made by everyone to ensure this has been done.
I recall that SprintLink had some, uhm, plans to put ingress (and egress?) filters on all interfaces facing dedicated customers that were not multi-homed. This came after realization that education of the end-user was a fruitless and Herculean task: Network smarts are virtually non-existent in IT departments, and even loads of smaller ISPs everywhere. Whatever became of this project?
If you sell a customer a circuit and they do nothing more than default to you with address space you provide, this is easy. If a customer talks BGP to you and you require them to submit prefixes to you for filtering (which should generally be the policy if you want any kind of protection against having 7 copies of the internet routing tables in your network), this is also easy. You already know which netblocks can be sourced from that connection. If the CPU can handle it, there is no good reason not to do it.

----------------------------------------------------------------------
Wayne Bouchard                                    [Immagine Your    ]
web@typo.org                                      [Company Name Here]
Network Engineer
----------------------------------------------------------------------
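Added example, not part of the original thread and not any poster's code: a sketch of the filter decision discussed above, where each customer-facing interface permits only source addresses from the prefixes already known for that customer, and directed broadcasts to attached subnets are dropped per RFC 2644. The interface names, prefixes (documentation ranges) and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data: prefixes each customer interface may source.
# "cust-static" defaults to the provider with provider-assigned space;
# "cust-bgp" submitted its prefixes for filtering.
ALLOWED = {
    "cust-static": ["192.0.2.0/25"],
    "cust-bgp": ["198.51.100.0/25", "198.51.100.128/25"],
}

def build_filters(allowed):
    """Collapse each interface's prefix list into a minimal set of networks."""
    return {
        ifname: list(ipaddress.collapse_addresses(
            ipaddress.ip_network(p) for p in prefixes))
        for ifname, prefixes in allowed.items()
    }

def ingress_verdict(filters, ifname, src, dst, connected=()):
    """Return 'permit' or a drop reason for a packet arriving on ifname.

    connected: subnets directly attached to this router, used to
    recognise directed broadcasts.
    """
    nets = filters.get(ifname)
    if nets is None:
        return "drop: unknown interface"
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    # Ingress filter: the source must fall inside the customer's netblocks.
    if not any(src_ip in n for n in nets):
        return "drop: source not in customer prefixes"
    # Directed broadcast: destination is the broadcast address of an
    # attached subnet (/31 and /32 have no broadcast address).
    for c in connected:
        net = ipaddress.ip_network(c)
        if net.prefixlen < 31 and dst_ip == net.broadcast_address:
            return "drop: directed broadcast"
    return "permit"

if __name__ == "__main__":
    f = build_filters(ALLOWED)
    print(ingress_verdict(f, "cust-static", "10.1.1.1", "203.0.113.5"))
```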