Re: SYN Flooding [info] (fwd)
While I agree with the goal here, I've been a bit disturbed by the undercurrent of antipathy toward 'clueless small ISPs'. I'm as small as ISPs come, and I've been outbound filtering against source addresses not in my address space at least since last April. How many of the clueful here can say that? Not many, I'll venture. For that matter, when did Alexis begin filtering outbound?
Cluelessness has very little to do with the size of the ISP, as anyone who has had to call the customer service line of any large or small ISP can attest. I've been filtering inbound and outbound since before most of the "major" ISPs got in the Internet business. But I'm not smart enough to have thought up the idea on my own. I read someone else's paper and followed their suggestions. Of course, there were a lot fewer papers and books about TCP/IP back then, so it was easier to read them all.
I'd like the concept changed from 'forcing' to 'educating' and to have it done without disparagement for not already knowing.
Once again it does bring up the importance of inter-provider cooperation. It doesn't really matter if you a a huge ISP or a little ISP, your actions have network-wide effects. Any provider who ignores a problem report from any source puts not only their own network at risk, but everyone elses as well. The problem won't go away just because you hang up the phone or ignore the e-mail message. Putting your head in the sand, or saying you will only accept problem referrals from arbitrarily defined "peer" providers just means you won't learn about the problem in a timely fashion. We've tried the one golden rule, the one with the gold makes the rules. Maybe its time to try the other golden rule, treat other providers as you would have them treat you. -- Sean Donelan, Data Research Associates, Inc, St. Louis, MO Affiliation given for identification not representation
participants (1)
-
Sean Donelan