Where are static bogon filters appropriate? was: 96.2.0.0/16 Bogons

• Previous message (by thread): Where are static bogon filters appropriate? was: 96.2.0.0/16 Bogons
• Next message (by thread): Where are static bogon filters appropriate? was: 96.2.0.0/16 Bogons
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 6 Mar 2007, Sean Donelan wrote:

> Isn't this true of everything (bad source addresses, worms, abuse, etc). 
> Does hiding/ignoring the problem just makes it worse because there is no 
> incentive to fix the problem while it is still a small problem? If it 
> isn't important enough to bother the customer, why bother to fix it?

Let's take a concrete example:

Customer gets hacked, one of their boxen starts spewing traffic with 
spoofed addresses. The way I understand your solution is to automatically 
shut their port and disrupt all their traffic, and have them call customer 
support to get any further.

Do you really think this is a good solution?

I don't see any customer with a choice continuing having a relationship 
with me if I treat them like that. It will cost me and them too much.

So instead I just drop their spoofed traffic and if they call and say that 
their line is slow, I'll just say it's full and they can themselves track 
down the offending machine and shut it off to solve the problem.

-- 
Mikael Abrahamsson    email: swmike at swm.pp.se

• Previous message (by thread): Where are static bogon filters appropriate? was: 96.2.0.0/16 Bogons
• Next message (by thread): Where are static bogon filters appropriate? was: 96.2.0.0/16 Bogons
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]