That would be a good starting point for the more sophisticated users however most small networks have very uneven clue distribution so I believe something in a FAQ format would be more approachable to the small ISP/Network operator and therefore more likely to be implemented even if they did not fully understand the configuration. We also need to create documents which explain what each of the configs do
-----Original Message----- From: Chris Cook [SMTP:ccook@netasset.com] Sent: Wednesday, January 13, 1999 1:28 PM To: 'Scott McGrath' Subject: RE: Smurfing and IP filtering
This is a really good idea. A thought on what to start with would the Cisco IOS Essentials Guide that was mentioned about a month ago. I have begun implementing parts of this on our edge devices (mostly cisco's). It could probably be simplified and amended (for things like Bay hardware).
Chris Cook
NetAsset, LLC Fresno, CA
-----Original Message----- From: Scott McGrath [mailto:SMcGrath@YBP.com] Sent: Wednesday, January 13, 1999 9:08 AM To: nanog@merit.edu Subject: Smurfing and IP filtering
I have been lurking on the Smurfing issue for a while
In my experience most tier 2&3 ISP's when they sell T1 access to the internet just deliver a basic configuration on the router with NO route filters whatever they do not even put the most basic access restrictions on the router We as a group should create a best practices document (with sample config's) to increase the distribution of cluefulness across the network as a whole to reduce the incidence of these problems and make less firefighting neccessary for ourselves.
Scott Mc Grath Yankee Book Peddler 999 Maple Street Contoocook, NH 03229 Phone: 603 746-3102 x3350 Fax: 603 746-5628
mailto:smcgrath@ybp.com
On Wed, Jan 13, 1999 at 02:19:47PM -0500, Scott McGrath wrote:
That would be a good starting point for the more sophisticated users however most small networks have very uneven clue distribution so I believe something in a FAQ format would be more approachable to the small ISP/Network operator
...why not both? Cover configuration for, say, the top 5 brands of routers (which, realistically, should cover the majority of ISP's out there...) -- Steve Sobol [sjsobol@nacs.net] Part-time Support Droid [support@nacs.net] NACS Spaminator [abuse@nacs.net] Proud resident of Cleveland Heights, Ohio, the coolest place on earth. http://www.ClevelandHeights.com
There is RFC recommendation for the router. Why there is not RFC describing the policy (mandatory!) for the ISP? On Wed, 13 Jan 1999, Steven J. Sobol wrote:
Date: Wed, 13 Jan 1999 21:50:21 -0500 From: Steven J. Sobol <sjsobol@nacs.net> To: Scott McGrath <SMcGrath@YBP.com> Cc: Chris Cook <ccook@netasset.com>, nanog@merit.edu Subject: Re: Smurfing and IP filtering
On Wed, Jan 13, 1999 at 02:19:47PM -0500, Scott McGrath wrote:
That would be a good starting point for the more sophisticated users however most small networks have very uneven clue distribution so I believe something in a FAQ format would be more approachable to the small ISP/Network operator
...why not both?
Cover configuration for, say, the top 5 brands of routers (which, realistically, should cover the majority of ISP's out there...)
-- Steve Sobol [sjsobol@nacs.net] Part-time Support Droid [support@nacs.net] NACS Spaminator [abuse@nacs.net]
Proud resident of Cleveland Heights, Ohio, the coolest place on earth. http://www.ClevelandHeights.com
Aleksei Roudnev, Network Operations Center, Relcom, Moscow (+7 095) 194-19-95 (Network Operations Center Hot Line),(+7 095) 239-10-10, N 13729 (pager) (+7 095) 196-72-12 (Support), (+7 095) 194-33-28 (Fax)
On Thu, Jan 14, 1999 at 01:30:01PM +0300, Alex P. Rudnev wrote:
There is RFC recommendation for the router.
Why there is not RFC describing the policy (mandatory!) for the ISP?
An RFC is a recommendation. A typical RFC usually ends up being a de-facto standard, however it does not have the force of law. Backbone operators have to start putting pressure on their downstreams to fix their router configs. The downstreams have to put pressure on THEIR downstreams, etc. The only way to get everyone to fix their routers is to write clauses into contracts saying "if your network ends up being a smurf amplifier, and we find that your routers are misconfigured, you will be disconnected from the Net without any kind of refund or credit for your downtime, and you will remain down until you fix things." That, and education, will do the trick. -- Steve Sobol [sjsobol@nacs.net] Part-time Support Droid [support@nacs.net] NACS Spaminator [abuse@nacs.net] Proud resident of Cleveland Heights, Ohio, the coolest place on earth. http://www.ClevelandHeights.com
participants (3)
-
Alex P. Rudnev -
Scott McGrath -
Steven J. Sobol