David Schwartz <davids@webmaster.com> spewed:
The important thing to realize is that neither of these situations is ideal. That is, filters don't solve the problem. We need to acknowledge that
Filters don't solve the problem. That I'll agree to. Filters prevent it from being MY problem when your dumbass customer has a dumbass customer who has a shell server that is r00ted and becomes a DoS source. How can you be so blind?
we have a problem and don't have a solution to it. Only then will the problem be analyzed, solutions proposed, and implemented.
The problem is people like you who refuse to filter. If you filter, you can only be the problem if the SOURCE ip addresses belong to YOU! If your customers want to do mobile IP, no problem. Have them register with your NOC what IP addresses they'll be sourcing. Then, YOU register as an origin for those IP addresses in (pick your database that is mirrored in RADB). *THEN* if your customer causes a problem, we know who to contact by looking at not only ARIN but also RADB.
I don't know, I'm not smart enough to solve the problem by myself. All I
...And it appears you're too stubborn to fix what portion of the problem you have control over.
can do is keep yelling as loudly as I can that there is a problem and that we do need a really good solution.
And all I can say is that if I find out that you're network is the source of a DoS towards mine, I'll do whatever necessarry, no matter the consequences to your network, to minimize the damage to my network. This includes ANYTHING I can think of to make the problem (read YOUR NETWORK) go away.
DS
I won't even go there. --- John Fraizer EnterZone, Inc