I'll clarify this...I already noted that antispoof filtering is an exception, and I'll agree that RPF fits loosely under the antispoofing definition as well, albiet in the other direction. -C On Sun, Aug 04, 2002 at 11:19:35PM -0400, Chris Woodfield wrote:
IMO, Commercial ISPs should never filter customer packets unless specifically requested to do so by the customer, or in response to a security/abuse incident.
Consumer ISPs are much more likely to have clauses in the AUPs that are enforced premptively via packet filtering - antispoof filters (honestly, antispoof filtering is, IMHO, the one expection to my "commercial ISPs should not filter" rule), port blocks to prevent customers running servers, outbound SMTP blocks to off-provider systems to stop direct-to-MX spamming, ICMP rate limiting, et al. All of which are fine by me as long as they clearly assert their right to do so in their AUP - that is, as long as there's a comparable provider I can use instead.
-C
On Sun, Aug 04, 2002 at 02:37:12PM +0000, bmanning@karoshi.com wrote:
Good day,
What NSPs do filter packets, and can really deal with DoS and DDoS attacks?
-Abdullah Bin Hamad A.K.A Arabian
The shorter shorter list would be the NSPs that do NOT filter packets. I can't think of an NSP that does not filter.
--bill