I fully agree with Mark, These simple things in themselves will not stop some people from doing certain things, but it will prevent the typical 'script kiddies' and it will make the Internet a better place for all, Gone are the days when we can sit back and say 'not my problem' The main reason the Internet will carry on growing is to do with QoS, and this, although very small is the first step in making it work... just my 2p worth Richard Smith Firstnet Leeds -----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of Mark Mentovai Sent: 02 November 2000 14:59 To: nanog@merit.edu Subject: Re: DoS attacks, NSPs unresponsiveness John Fraizer wrote:
Is there a chance that by helping one another, and by implementing Internet RFCs corrctly (rfc 1918 for example), we can contribute to the elimination of this kind of electronic terrorism ?
RFC1918 specifically addresses filtering routing information. Not spoofed addresses. It states "routing information about private networks shall not be propagated on inter-enterprise links, and packets with private source or destination addresses should not be forwarded across such links." Notice the placement of "shall" and "should."
Although 1918 was given only as an example, substituting the number 1918 for 2827 is a common mistake. RFC 2827 addresses spoofing and is a BCP. You can't argue that widespread implementation of RFC 2827's concepts wouldn't benefit the Internet.
Now, in specific response to your question about eliminating electronic terrorism, it is doubtful. Doubtful that you'll ever: #1 spread enough clue around. #2 get everyone to cooperate.
This can't go on forever. I'd like to spread the clue about ingress filtering, and am willing to commit time to the cause. Is anyone with me? Mark