RE: Please Check Filters - BOGON Filtering IP Space 72.14.128.0/19
> What's so bad about decent secure defaults?
I don't consider a configuration that disenfranchises part of the internet as "decent [...] defaults." :)
The big problem that we're experiencing here is that the big telco ISPs, network providers and managed service providers that should have something better than a 'network monkey' running their routers are having BOGON filtering problems.
We diagnosed a problem getting to east coast government sites and in working with SAVVIS, we corrected problems in a matter of hours. This has been the only positive progress we've made in unblackholing our network segment. We're going on day number 4 trying to get SBC to fix 'managed' local government routers.
To tell you the truth, the little leaf nodes that have a corporation without world-accessible resources behind their router are inconsequential to us -- let them filter on old BOGON lists -- our customers need to be able to get to the resources that are behind the huge networks that are maintained by companies much larger than ours that are running out-of-date filters.
Why more people don't use resources like what Cymru offer is beyond me...
James Laszko
Pipeline Communications, Inc.
james@pcipros.com
On Thu, 20 Jan 2005, James Laszko wrote:
> > What's so bad about decent secure defaults?
> I don't consider a configuration that disenfranchises part of the internet as "decent [...] defaults." :)
> The big problem that we're experiencing here is that the big telco ISPs, network providers and managed service providers that should have something better than a 'network monkey' running their routers are having BOGON filtering problems.
> We diagnosed a problem getting to east coast government sites and in working with SAVVIS, we corrected problems in a matter of hours. This has been the only positive progress we've made in unblackholing our network segment. We're going on day number 4 trying to get SBC to fix 'managed' local government routers.
you do understand that for SBC (or anyone who manages customer devices) to make a change:
1) the customer has to be notified of the change and given a reason for the change
2) the customer has to agree to the change (presumably they also have to actually be contacted.... a task of its own at times)
3) the change has to be scheduled into a maint window
4) the procedures and maintenance changes probably have to be checked over with the 'network monkey' (as you put it) and customer
5) change happens, for 1 customer...
Wash, rinse, repeat for the other 70,000 routers you manage for customers... This is definitely NOT a half-rack in a colo fix. Just contacting the customers is a feat.
-Chris
On Thu, 20 Jan 2005 21:14:12 -0800, James Laszko <james@pcipros.com> wrote:
> ... Why more people don't use resources like what Cymru offer is beyond me...
Not-Invented-Here syndrome?
--
GDB has a 'break' feature; why doesn't it have 'fix' too?
participants (3)
- Chris Kuethe
- Christopher L. Morrow
- James Laszko